CVE-2025-54265

Severity: 7.5 HIGH
EPSS: 0.1% (top 71.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 14

Description

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages (6 packages)

CVEListV5 | adobe/adobe_commerce | 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15
NVD | adobe/commerce | 6 versions (+5)
NVD | adobe/commerce_b2b | 6 versions (+5)
NVD | adobe/magento | 4 versions (+3)
Packagist | magento/community-edition | 2.4.9-alpha1 2.4.9-alpha3 (+3)

Vulnerability Details (3)

CVEList: Adobe Commerce | Incorrect Authorization (CWE-863), 2025-10-14
GHSA: Magento allows incorrect authorization, 2025-10-14
OSV: Magento allows incorrect authorization, 2025-10-14
CVE-2025-54265 (HIGH CVSS 7.5) | Adobe Commerce versions 2.4.9-alpha | cvebase.io