CVE-2025-24421: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could…

medium4.3CVSS 3.1

AVNACLPRLUINSUCLINAN

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction

Affected

24 ranges

Vendor	Product	Version range	Fixed in
adobe	adobe_commerce	<= 2.4.8-beta1	—
adobe	commerce	< 2.4.4	2.4.4
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce_b2b	< 1.3.3	1.3.3
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	magento	< 2.4.4	2.4.4
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
magento	community-edition	>= 0 < 2.4.4-p12	2.4.4-p12
magento	community-edition	>= 2.4.5-p1 < 2.4.5-p11	2.4.5-p11
magento	community-edition	>= 2.4.6-p1 < 2.4.6-p9	2.4.6-p9
magento	community-edition	>= 2.4.7-beta1 < 2.4.7-p4	2.4.7-p4
magento	project-community-edition	0 – 2.0.2	—