CVE-2025-27192

Severity
2.7 LOW
EPSS
0.6%
top 30.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 8

Description

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.2 | Impact: 1.4

Affected Packages (6 packages)

NVD adobe/commerce < 2.4.4 +5
NVD adobe/commerce_b2b < 1.3.3 +5
CVEListV5 adobe/adobe_commerce 2.4.8-beta2
NVD adobe/magento < 2.4.4 +5
Packagist magento/community-edition 2.4.7-beta1 2.4.7-p5 +4

Patches

Vulnerability Details

3
OSV
Magento does not properly protect credentials 2025-04-08
CVEList
Adobe Commerce | Insufficiently Protected Credentials (CWE-522) 2025-04-08
GHSA
Magento does not properly protect credentials 2025-04-08