CVE-2025-54267

Severity: 6.5 MEDIUM
EPSS: 0.1% (top 80.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 14

Description

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (6 packages)

CVEListV5: adobe/adobe_commerce: 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15
NVD: adobe/commerce: 6 versions
NVD: adobe/commerce_b2b: 6 versions
NVD: adobe/magento: 4 versions
Packagist: magento/community-edition: 2.4.9-alpha1 2.4.9-alpha3

Vulnerability Details (3)

OSV: Magento vulnerable to privilege escalation due to incorrect authorization (2025-10-14)
CVEList: Adobe Commerce | Incorrect Authorization (CWE-863) (2025-10-14)
GHSA: Magento vulnerable to privilege escalation due to incorrect authorization (2025-10-14)