- Description
- Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, which raises the confidentiality and integrity impact to high.
- Source
- psirt@adobe.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- psirt@adobe.com
- CWE-285
- Hype score
- Not currently trending
⚠️ Critical Vulnerability Alert: 0-day Shell Uploader Targeting Magento/Adobe Commerce 📅 Timeline: Disclosure Date: 2025-02-13 (CVE-2025-24434 patch release) Exploit Activity Reported: 2025-02-16 (threat actor advertisement) 📌 Attribution: Threat actor(s) advertising exploit…
@syedaquib77
16 Feb 2025
[CVE-2025-24434: CRITICAL] Critical Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and prior have a severe Privilege Escalation flaw, enabling unauthorized access without user inter... #cybersecurity, #vulnerability https://t.co/jgOxQZMTn9 https://t.c
@CveFindCom
11 Feb 2025