CVE-2025-27189

Published: Apr 8, 2025Modified: Apr 30, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Exploitability: 2.8 / Impact: 1.4

Source: psirt@adobe.com (Secondary)

Description

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website.

Affected (20)

Products: Adobe: Commerce B2b

Adobe

1 product

Commerce B2b

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Adobe Commerce B2b	Before 1.3.3
Adobe Commerce B2b	Version 1.3.3
Adobe Commerce B2b	Version 1.3.3 p10
Adobe Commerce B2b	Version 1.3.3 p11
Adobe Commerce B2b	Version 1.3.3 p12
Adobe Commerce B2b	Version 1.3.4
Adobe Commerce B2b	Version 1.3.4 p10
Adobe Commerce B2b	Version 1.3.4 p11
Adobe Commerce B2b	Version 1.3.4 p9
Adobe Commerce B2b	Version 1.3.5
Adobe Commerce B2b	Version 1.3.5 p7
Adobe Commerce B2b	Version 1.3.5 p8
Adobe Commerce B2b	Version 1.3.5 p9
Adobe Commerce B2b	Version 1.4.2
Adobe Commerce B2b	Version 1.4.2 p1
Adobe Commerce B2b	Version 1.4.2 p2
Adobe Commerce B2b	Version 1.4.2 p3
Adobe Commerce B2b	Version 1.4.2 p4
Adobe Commerce B2b	Version 1.5.0
Adobe Commerce B2b	Version 1.5.1

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (1)

https://helpx.adobe.com/security/products/magento/apsb25-26.html

Source: psirt@adobe.com

PatchRelease NotesVendor Advisory

Timeline

No history available yet.