cbcvebase.

Adobe Commerce B2B vulnerabilities

111 known vulnerabilities affecting adobe/commerce_b2b.

Total CVEs
111
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH41MEDIUM55LOW12

Vulnerabilities

Page 4 of 6
CVE-2025-24417HIGHCVSS 8.7fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24417 [HIGH] CWE-79 CVE-2025-24417: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page con
nvd
CVE-2025-24407HIGHCVSS 7.1fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24407 [HIGH] CWE-863 CVE-2025-24407: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability to perform actions with permissions that were not granted leading to both a High impact to confiden
nvd
CVE-2025-24412HIGHCVSS 8.7fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24412 [HIGH] CWE-79 CVE-2025-24412: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page con
nvd
CVE-2025-24406HIGHCVSS 7.5fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24406 [HIGH] CWE-22 CVE-2025-24406: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the r
nvd
CVE-2025-24413HIGHCVSS 8.7fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24413 [HIGH] CWE-79 CVE-2025-24413: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page con
nvd
CVE-2025-24418HIGHCVSS 8.1fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24418 [HIGH] CWE-285 CVE-2025-24418: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require us
nvd
CVE-2025-24414HIGHCVSS 8.7fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24414 [HIGH] CWE-79 CVE-2025-24414: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page con
nvd
CVE-2025-24409HIGHCVSS 8.2fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24409 [HIGH] CWE-863 CVE-2025-24409: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affec Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both a High impact to confidentiality and L
nvd
CVE-2025-24415HIGHCVSS 8.7fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24415 [HIGH] CWE-79 CVE-2025-24415: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page con
nvd
CVE-2025-24438HIGHCVSS 8.7v1.3.3v1.3.4+3 more2025-02-11
CVE-2025-24438 [HIGH] CWE-79 CVE-2025-24438: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page con
nvd
CVE-2025-24411HIGHCVSS 8.1fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24411 [HIGH] CWE-284 CVE-2025-24411: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity.
nvd
CVE-2025-24410HIGHCVSS 8.7fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24410 [HIGH] CWE-79 CVE-2025-24410: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page con
nvd
CVE-2025-24437MEDIUMCVSS 5.4v1.3.3v1.3.4+3 more2025-02-11
CVE-2025-24437 [MEDIUM] CWE-863 CVE-2025-24437: Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affect Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view or modify select information. Exploitation of this issue does not require user interactio
nvd
CVE-2025-24435MEDIUMCVSS 4.3v1.3.3v1.3.4+3 more2025-02-11
CVE-2025-24435 [MEDIUM] CWE-284 CVE-2025-24435: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of th
nvd
CVE-2025-24423MEDIUMCVSS 4.3fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24423 [MEDIUM] CWE-284 CVE-2025-24423: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to modify select data. Exploitation of this issue does not require user interaction.
nvd
CVE-2025-24428MEDIUMCVSS 5.4fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24428 [MEDIUM] CWE-79 CVE-2025-24428: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page c
nvd
CVE-2025-24421MEDIUMCVSS 4.3fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24421 [MEDIUM] CWE-863 CVE-2025-24421: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction
nvd
CVE-2025-24420MEDIUMCVSS 4.3fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24420 [MEDIUM] CWE-863 CVE-2025-24420: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to modify select data. Exploitation of this issue does not require user interaction.
nvd
CVE-2025-24436MEDIUMCVSS 4.3v1.3.3v1.3.4+3 more2025-02-11
CVE-2025-24436 [MEDIUM] CWE-863 CVE-2025-24436: Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affect Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information. Exploitation of this issue does not require user interaction.
nvd
CVE-2025-24425MEDIUMCVSS 5.3fixed in 1.3.3v1.3.3+4 more2025-02-11
CVE-2025-24425 [MEDIUM] CWE-840 CVE-2025-24425: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limite
nvd
← Previous4 / 6Next →