CVE-2025-24409

Published Feb 11, 2025

Last updated 11 days ago

CVSS high 8.2

Overview

Description
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.
Source
psirt@adobe.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
8.2
Impact score
4.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Severity
HIGH

Weaknesses

psirt@adobe.com
CWE-285

Social media

Hype score
Not currently trending

  1. CVE-2025-24409 Improper Authorization Vulnerability in Adobe Commerce Versions Prior to 2.4.7 https://t.co/a7Y4l8Zvy8

    @VulmonFeeds

    12 Feb 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References