CVE-2025-27191: Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could…

medium5.3CVSS 3.1

AVNACLPRNUINSUCNILAN

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
adobe	adobe_commerce	<= 2.4.8-beta2	—
adobe	commerce	< 2.4.4	2.4.4
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce_b2b	< 1.3.3	1.3.3
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	magento	< 2.4.4	2.4.4
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
magento	community-edition	>= 0 < 2.4.4-p13	2.4.4-p13
magento	community-edition	>= 2.4.5-p1 < 2.4.5-p12	2.4.5-p12
magento	community-edition	>= 2.4.6-p1 < 2.4.6-p10	2.4.6-p10
magento	community-edition	>= 2.4.7-beta1 < 2.4.7-p5	2.4.7-p5
magento	community-edition	>= 2.4.8-beta1 < 2.4.8-beta2	2.4.8-beta2
magento	project-community-edition	0 – 2.0.2	—