CVE-2025-27188

CWE-863 — Incorrect Authorization CWE-2854 documents4 sources

Severity

4.3MEDIUM

EPSS

0.5%

top 36.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Commerce Adobe Commerce B2B Adobe Magento +2 more

Timeline

PublishedApr 8

Description

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶NVDadobe/commerce< 2.4.4+5

▶NVDadobe/commerce_b2b< 1.3.3+6

▶CVEListV5adobe/adobe_commerce2.4.8-beta2

▶NVDadobe/magento< 2.4.4+5

▶Packagistmagento/community-edition2.4.5-p1 — 2.4.5-p12+4

Patches

Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

Magento Improper Authorization vulnerability↗2025-04-08

▶

CVEList

Adobe Commerce | Incorrect Authorization (CWE-863)↗2025-04-08

▶

OSV

Magento Improper Authorization vulnerability↗2025-04-08

▶