CVE-2025-24407

Published Feb 11, 2025

Last updated 16 days ago

CVSS high 7.1

Overview

Description: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability to perform actions with permissions that were not granted leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction.
Source: psirt@adobe.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity: HIGH

Weaknesses

psirt@adobe.com: CWE-863

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
            "versionEndExcluding": "1.3.3"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References