Adobe Commerce vulnerabilities
179 known vulnerabilities affecting adobe/adobe_commerce.
Total CVEs
179
CISA KEV
2
actively exploited
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL10HIGH72MEDIUM85LOW12
Vulnerabilities
Page 4 of 9
CVE-2025-24427MEDIUMCVSS 6.5≤ 2.4.8-beta12025-02-11
CVE-2025-24427 [MEDIUM] CWE-284 CVE-2025-24427: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does
cvelistv5nvd
CVE-2025-24423MEDIUMCVSS 4.3≤ 2.4.8-beta12025-02-11
CVE-2025-24423 [MEDIUM] CWE-284 CVE-2025-24423: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to modify select data. Exploitation of this issue does not require user interaction.
cvelistv5nvd
CVE-2025-24428MEDIUMCVSS 5.4≤ 2.4.8-beta12025-02-11
CVE-2025-24428 [MEDIUM] CWE-79 CVE-2025-24428: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page c
cvelistv5nvd
CVE-2025-24421MEDIUMCVSS 4.3≤ 2.4.8-beta12025-02-11
CVE-2025-24421 [MEDIUM] CWE-863 CVE-2025-24421: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction
cvelistv5nvd
CVE-2025-24419MEDIUMCVSS 4.3≤ 2.4.8-beta12025-02-11
CVE-2025-24419 [MEDIUM] CWE-863 CVE-2025-24419: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to modify select data. Exploitation of this issue does not require user interaction.
cvelistv5nvd
CVE-2025-24420MEDIUMCVSS 4.3≤ 2.4.8-beta12025-02-11
CVE-2025-24420 [MEDIUM] CWE-863 CVE-2025-24420: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to modify select data. Exploitation of this issue does not require user interaction.
cvelistv5nvd
CVE-2025-24422MEDIUMCVSS 6.5≤ 2.4.8-beta12025-02-11
CVE-2025-24422 [MEDIUM] CWE-284 CVE-2025-24422: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does n
cvelistv5nvd
CVE-2025-24436MEDIUMCVSS 4.3≤ 2.4.8-beta12025-02-11
CVE-2025-24436 [MEDIUM] CWE-863 CVE-2025-24436: Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affect
Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information. Exploitation of this issue does not require user interaction.
cvelistv5nvd
CVE-2025-24424MEDIUMCVSS 6.5≤ 2.4.8-beta12025-02-11
CVE-2025-24424 [MEDIUM] CWE-284 CVE-2025-24424: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does n
cvelistv5nvd
CVE-2025-24426MEDIUMCVSS 6.5≤ 2.4.8-beta12025-02-11
CVE-2025-24426 [MEDIUM] CWE-284 CVE-2025-24426: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does n
cvelistv5nvd
CVE-2025-24408MEDIUMCVSS 6.5≤ 2.4.8-beta12025-02-11
CVE-2025-24408 [MEDIUM] CWE-200 CVE-2025-24408: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.
cvelistv5nvd
CVE-2025-24432LOWCVSS 3.7≤ 2.4.8-beta12025-02-11
CVE-2025-24432 [LOW] CWE-367 CVE-2025-24432: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypass
cvelistv5nvd
CVE-2025-24429LOWCVSS 3.5≤ 2.4.8-beta12025-02-11
CVE-2025-24429 [LOW] CWE-284 CVE-2025-24429: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of
cvelistv5nvd
CVE-2025-24430LOWCVSS 3.7≤ 2.4.8-beta12025-02-11
CVE-2025-24430 [LOW] CWE-367 CVE-2025-24430: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypass
cvelistv5nvd
CVE-2024-49521HIGHCVSS 7.7≤ 3.2.52024-11-12
CVE-2024-49521 [HIGH] CWE-918 CVE-2024-49521: Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulne
Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as f
cvelistv5nvd
CVE-2024-45115CRITICALCVSS 9.8≤ 2.4.4-p102024-10-10
CVE-2024-45115 [CRITICAL] CWE-287 CVE-2024-45115: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Impro
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user inte
cvelistv5nvd
CVE-2024-45148HIGHCVSS 8.8≤ 2.4.4-p102024-10-10
CVE-2024-45148 [HIGH] CWE-287 CVE-2024-45148: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Impro
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interac
cvelistv5nvd
CVE-2024-45116HIGHCVSS 8.1≤ 2.4.4-p102024-10-10
CVE-2024-45116 [HIGH] CWE-79 CVE-2024-45116: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's
cvelistv5nvd
CVE-2024-45117HIGHCVSS 7.6≤ 2.4.4-p102024-10-10
CVE-2024-45117 [HIGH] CWE-20 CVE-2024-45117: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Impro
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availabili
cvelistv5nvd
CVE-2024-45128MEDIUMCVSS 5.4≤ 2.4.4-p102024-10-10
CVE-2024-45128 [MEDIUM] CWE-863 CVE-2024-45128: Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Impro
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue doe
cvelistv5nvd