cbcvebase.
CVE-2025-24429
published 2025-02-11

CVE-2025-24429: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could…

low3.5CVSS 3.1
AVNACLPRLUIRSUCLINAN
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction.

Affected

24 ranges
VendorProductVersion rangeFixed in
adobeadobe_commerce<= 2.4.8-beta1
adobecommerce< 2.4.42.4.4
adobecommerce
adobecommerce
adobecommerce
adobecommerce
adobecommerce
adobecommerce_b2b< 1.3.31.3.3
adobecommerce_b2b
adobecommerce_b2b
adobecommerce_b2b
adobecommerce_b2b
adobecommerce_b2b
adobemagento< 2.4.42.4.4
adobemagento
adobemagento
adobemagento
adobemagento
adobemagento
magentocommunity-edition>= 0 < 2.4.4-p122.4.4-p12
magentocommunity-edition>= 2.4.5-p1 < 2.4.5-p112.4.5-p11
magentocommunity-edition>= 2.4.6-p1 < 2.4.6-p92.4.6-p9
magentocommunity-edition>= 2.4.7-beta1 < 2.4.7-p42.4.7-p4
magentoproject-community-edition0 – 2.0.2