cbcvebase.
CVE-2025-49549
published 2025-06-25

CVE-2025-49549: Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result…

low2.7CVSS 3.1
AVNACLPRHUINSUCLINAN
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction.

Affected

22 ranges
VendorProductVersion rangeFixed in
adobeadobe_commerce<= 2.4.4-p13
adobecommerce< 2.4.42.4.4
adobecommerce
adobecommerce
adobecommerce
adobecommerce
adobecommerce
adobecommerce_b2b< 1.3.31.3.3
adobecommerce_b2b
adobecommerce_b2b
adobecommerce_b2b
adobecommerce_b2b
adobecommerce_b2b
adobemagento< 2.4.52.4.5
adobemagento
adobemagento
adobemagento
adobemagento
magentocommunity-edition>= 0 < 2.4.5-p132.4.5-p13
magentocommunity-edition>= 2.4.6-p1 < 2.4.6-p112.4.6-p11
magentocommunity-edition>= 2.4.7-beta1 < 2.4.7-p62.4.7-p6
magentoproject-community-edition0 – 2.0.2