CVE-2025-24408: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could…

medium6.5CVSS 3.1

AVNACLPRLUINSUCHINAN

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.

Affected

24 ranges

Vendor	Product	Version range	Fixed in
adobe	adobe_commerce	<= 2.4.8-beta1	—
adobe	commerce	< 2.4.4	2.4.4
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce_b2b	< 1.3.3	1.3.3
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	magento	< 2.4.4	2.4.4
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
magento	community-edition	>= 0 < 2.4.4-p12	2.4.4-p12
magento	community-edition	>= 2.4.5-p1 < 2.4.5-p11	2.4.5-p11
magento	community-edition	>= 2.4.6-p1 < 2.4.6-p9	2.4.6-p9
magento	community-edition	>= 2.4.7-beta1 < 2.4.7-p4	2.4.7-p4
magento	project-community-edition	0 – 2.0.2	—