← Back

CVE-2025-54265

nvd nist
Published: Oct 14, 2025Modified: Apr 28, 2026

JSON object

Loading...
5.9
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.

Affected (150)

Adobe
3 products
Commerce
Commerce B2b
Magento
Configuration A
62 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Commerce
Version 2.4.4
Commerce
Version 2.4.4 p10
Commerce
Version 2.4.4 p11
Commerce
Version 2.4.4 p12
Commerce
Version 2.4.4 p13
Commerce
Version 2.4.4 p14
Commerce
Version 2.4.4 p15
Commerce
Version 2.4.4 p1
Commerce
Version 2.4.4 p2
Commerce
Version 2.4.4 p3
Commerce
Version 2.4.4 p4
Commerce
Version 2.4.4 p5
Commerce
Version 2.4.4 p6
Commerce
Version 2.4.4 p7
Commerce
Version 2.4.4 p8
Commerce
Version 2.4.4 p9
Commerce
Version 2.4.5
Commerce
Version 2.4.5 p10
Commerce
Version 2.4.5 p11
Commerce
Version 2.4.5 p12
Commerce
Version 2.4.5 p13
Commerce
Version 2.4.5 p14
Commerce
Version 2.4.5 p1
Commerce
Version 2.4.5 p2
Commerce
Version 2.4.5 p3
Commerce
Version 2.4.5 p4
Commerce
Version 2.4.5 p5
Commerce
Version 2.4.5 p6
Commerce
Version 2.4.5 p7
Commerce
Version 2.4.5 p8
Commerce
Version 2.4.5 p9
Commerce
Version 2.4.6
Commerce
Version 2.4.6 p10
Commerce
Version 2.4.6 p11
Commerce
Version 2.4.6 p12
Commerce
Version 2.4.6 p1
Commerce
Version 2.4.6 p2
Commerce
Version 2.4.6 p3
Commerce
Version 2.4.6 p4
Commerce
Version 2.4.6 p5
Commerce
Version 2.4.6 p6
Commerce
Version 2.4.6 p7
Commerce
Version 2.4.6 p8
Commerce
Version 2.4.6 p9
Commerce
Version 2.4.7
Commerce
Version 2.4.7 b1
Commerce
Version 2.4.7 b2
Commerce
Version 2.4.7 beta3
Commerce
Version 2.4.7 p1
Commerce
Version 2.4.7 p2
Commerce
Version 2.4.7 p3
Commerce
Version 2.4.7 p4
Commerce
Version 2.4.7 p5
Commerce
Version 2.4.7 p6
Commerce
Version 2.4.7 p7
Commerce
Version 2.4.8
Commerce
Version 2.4.8 beta1
Commerce
Version 2.4.8 beta2
Commerce
Version 2.4.8 p1
Commerce
Version 2.4.8 p2
Commerce
Version 2.4.9 alpha1
Commerce
Version 2.4.9 alpha2
Configuration B
57 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Commerce B2b
Version 1.3.3
Commerce B2b
Version 1.3.3 p10
Commerce B2b
Version 1.3.3 p11
Commerce B2b
Version 1.3.3 p12
Commerce B2b
Version 1.3.3 p13
Commerce B2b
Version 1.3.3 p14
Commerce B2b
Version 1.3.3 p15
Commerce B2b
Version 1.3.3 p1
Commerce B2b
Version 1.3.3 p2
Commerce B2b
Version 1.3.3 p3
Commerce B2b
Version 1.3.3 p4
Commerce B2b
Version 1.3.3 p5
Commerce B2b
Version 1.3.3 p6
Commerce B2b
Version 1.3.3 p7
Commerce B2b
Version 1.3.3 p8
Commerce B2b
Version 1.3.3 p9
Commerce B2b
Version 1.3.4
Commerce B2b
Version 1.3.4 p10
Commerce B2b
Version 1.3.4 p11
Commerce B2b
Version 1.3.4 p12
Commerce B2b
Version 1.3.4 p13
Commerce B2b
Version 1.3.4 p14
Commerce B2b
Version 1.3.4 p1
Commerce B2b
Version 1.3.4 p2
Commerce B2b
Version 1.3.4 p3
Commerce B2b
Version 1.3.4 p4
Commerce B2b
Version 1.3.4 p5
Commerce B2b
Version 1.3.4 p6
Commerce B2b
Version 1.3.4 p7
Commerce B2b
Version 1.3.4 p8
Commerce B2b
Version 1.3.4 p9
Commerce B2b
Version 1.3.5
Commerce B2b
Version 1.3.5 p10
Commerce B2b
Version 1.3.5 p11
Commerce B2b
Version 1.3.5 p12
Commerce B2b
Version 1.3.5 p1
Commerce B2b
Version 1.3.5 p2
Commerce B2b
Version 1.3.5 p3
Commerce B2b
Version 1.3.5 p4
Commerce B2b
Version 1.3.5 p5
Commerce B2b
Version 1.3.5 p6
Commerce B2b
Version 1.3.5 p7
Commerce B2b
Version 1.3.5 p8
Commerce B2b
Version 1.3.5 p9
Commerce B2b
Version 1.4.2
Commerce B2b
Version 1.4.2 p1
Commerce B2b
Version 1.4.2 p2
Commerce B2b
Version 1.4.2 p3
Commerce B2b
Version 1.4.2 p4
Commerce B2b
Version 1.4.2 p5
Commerce B2b
Version 1.4.2 p6
Commerce B2b
Version 1.4.2 p7
Commerce B2b
Version 1.5.2
Commerce B2b
Version 1.5.2 p1
Commerce B2b
Version 1.5.2 p2
Commerce B2b
Version 1.5.3 alpha1
Commerce B2b
Version 1.5.3 alpha2
Configuration C
31 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Magento
Version 2.4.6
Magento
Version 2.4.6 p10
Magento
Version 2.4.6 p11
Magento
Version 2.4.6 p12
Magento
Version 2.4.6 p1
Magento
Version 2.4.6 p2
Magento
Version 2.4.6 p3
Magento
Version 2.4.6 p4
Magento
Version 2.4.6 p5
Magento
Version 2.4.6 p6
Magento
Version 2.4.6 p7
Magento
Version 2.4.6 p8
Magento
Version 2.4.6 p9
Magento
Version 2.4.7
Magento
Version 2.4.7 b1
Magento
Version 2.4.7 b2
Magento
Version 2.4.7 beta3
Magento
Version 2.4.7 p1
Magento
Version 2.4.7 p2
Magento
Version 2.4.7 p3
Magento
Version 2.4.7 p4
Magento
Version 2.4.7 p5
Magento
Version 2.4.7 p6
Magento
Version 2.4.7 p7
Magento
Version 2.4.8
Magento
Version 2.4.8 beta1
Magento
Version 2.4.8 beta2
Magento
Version 2.4.8 p1
Magento
Version 2.4.8 p2
Magento
Version 2.4.9 alpha1
Magento
Version 2.4.9 alpha2

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

Source: psirt@adobe.com
Vendor Advisory

Timeline

No history available yet.