cbcvebase.
CVE-2025-24437
published 2025-02-11

CVE-2025-24437: Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could…

medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view or modify select information. Exploitation of this issue does not require user interaction.

Affected

21 ranges
VendorProductVersion rangeFixed in
adobeadobe_commerce<= 2.4.8-beta1
adobecommerce
adobecommerce
adobecommerce
adobecommerce
adobecommerce
adobecommerce_b2b
adobecommerce_b2b
adobecommerce_b2b
adobecommerce_b2b
adobecommerce_b2b
adobemagento
adobemagento
adobemagento
adobemagento
adobemagento
magentocommunity-edition>= 0 < 2.4.4-p122.4.4-p12
magentocommunity-edition>= 2.4.5-p1 < 2.4.5-p112.4.5-p11
magentocommunity-edition>= 2.4.6-p1 < 2.4.6-p92.4.6-p9
magentocommunity-edition>= 2.4.7-beta1 < 2.4.7-p42.4.7-p4
magentoproject-community-edition0 – 2.0.2