CVE-2025-24407

Published: Feb 11, 2025Modified: Apr 16, 2025

7.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Exploitability: 2.8 / Impact: 4.2

Source: NVD

Description

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability to perform actions with permissions that were not granted leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction.

Affected (15)

Products: Adobe: Commerce B2b

Adobe

1 product

Commerce B2b

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Adobe Commerce B2b	Before 1.3.3
Adobe Commerce B2b	Version 1.3.3
Adobe Commerce B2b	Version 1.3.3 p10
Adobe Commerce B2b	Version 1.3.3 p11
Adobe Commerce B2b	Version 1.3.4
Adobe Commerce B2b	Version 1.3.4 p10
Adobe Commerce B2b	Version 1.3.4 p9
Adobe Commerce B2b	Version 1.3.5
Adobe Commerce B2b	Version 1.3.5 p7
Adobe Commerce B2b	Version 1.3.5 p8
Adobe Commerce B2b	Version 1.4.2
Adobe Commerce B2b	Version 1.4.2 p1
Adobe Commerce B2b	Version 1.4.2 p2
Adobe Commerce B2b	Version 1.4.2 p3
Adobe Commerce B2b	Version 1.5.0

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://helpx.adobe.com/security/products/magento/apsb25-08.html

Source: psirt@adobe.com

Vendor Advisory

Timeline

No history available yet.