cbcvebase.
CVE-2025-27190
published 2025-04-08

CVE-2025-27190: Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could…

medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

Affected

22 ranges
VendorProductVersion rangeFixed in
adobeadobe_commerce<= 2.4.8-beta2
adobecommerce
adobecommerce
adobecommerce
adobecommerce
adobecommerce
adobecommerce_b2b
adobecommerce_b2b
adobecommerce_b2b
adobecommerce_b2b
adobecommerce_b2b
adobemagento
adobemagento
adobemagento
adobemagento
adobemagento
magentocommunity-edition>= 0 < 2.4.4-p132.4.4-p13
magentocommunity-edition>= 2.4.5-p1 < 2.4.5-p122.4.5-p12
magentocommunity-edition>= 2.4.6-p1 < 2.4.6-p102.4.6-p10
magentocommunity-edition>= 2.4.7-beta1 < 2.4.7-p52.4.7-p5
magentocommunity-edition>= 2.4.8-beta1 < 2.4.8-beta22.4.8-beta2
magentoproject-community-edition0 – 2.0.2