cbcvebase.

Adobe Magento vulnerabilities

190 known vulnerabilities affecting adobe/magento.

Total CVEs
190
CISA KEV
3
actively exploited
Public exploits
3
Exploited in wild
2
Severity breakdown
CRITICAL22HIGH64MEDIUM91LOW13

Vulnerabilities

Page 4 of 10
CVE-2025-24406HIGHCVSS 7.5fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24406 [HIGH] CWE-22 CVE-2025-24406: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the r
nvd
CVE-2025-24413HIGHCVSS 8.7fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24413 [HIGH] CWE-79 CVE-2025-24413: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page con
nvd
CVE-2025-24414HIGHCVSS 8.7fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24414 [HIGH] CWE-79 CVE-2025-24414: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page con
nvd
CVE-2025-24409HIGHCVSS 8.2fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24409 [HIGH] CWE-863 CVE-2025-24409: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affec Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both a High impact to confidentiality and L
nvd
CVE-2025-24415HIGHCVSS 8.7fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24415 [HIGH] CWE-79 CVE-2025-24415: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page con
nvd
CVE-2025-24438HIGHCVSS 8.7v2.4.4v2.4.5+3 more2025-02-11
CVE-2025-24438 [HIGH] CWE-79 CVE-2025-24438: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page con
nvd
CVE-2025-24411HIGHCVSS 8.1fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24411 [HIGH] CWE-284 CVE-2025-24411: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity.
nvd
CVE-2025-24410HIGHCVSS 8.7fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24410 [HIGH] CWE-79 CVE-2025-24410: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page con
nvd
CVE-2025-24437MEDIUMCVSS 5.4v2.4.4v2.4.5+3 more2025-02-11
CVE-2025-24437 [MEDIUM] CWE-863 CVE-2025-24437: Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affect Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view or modify select information. Exploitation of this issue does not require user interactio
nvd
CVE-2025-24435MEDIUMCVSS 4.3v2.4.4v2.4.5+3 more2025-02-11
CVE-2025-24435 [MEDIUM] CWE-284 CVE-2025-24435: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of th
nvd
CVE-2025-24428MEDIUMCVSS 5.4fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24428 [MEDIUM] CWE-79 CVE-2025-24428: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page c
nvd
CVE-2025-24421MEDIUMCVSS 4.3fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24421 [MEDIUM] CWE-863 CVE-2025-24421: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to read select data. Exploitation of this issue does not require user interaction
nvd
CVE-2025-24436MEDIUMCVSS 4.3v2.4.4v2.4.5+3 more2025-02-11
CVE-2025-24436 [MEDIUM] CWE-863 CVE-2025-24436: Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affect Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view select information. Exploitation of this issue does not require user interaction.
nvd
CVE-2025-24425MEDIUMCVSS 5.3fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24425 [MEDIUM] CWE-840 CVE-2025-24425: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limite
nvd
CVE-2025-24427MEDIUMCVSS 6.5fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24427 [MEDIUM] CWE-284 CVE-2025-24427: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does
nvd
CVE-2025-24408MEDIUMCVSS 6.5fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24408 [MEDIUM] CWE-200 CVE-2025-24408: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.
nvd
CVE-2025-24432LOWCVSS 3.7fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24432 [LOW] CWE-367 CVE-2025-24432: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypass
nvd
CVE-2025-24429LOWCVSS 3.5fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24429 [LOW] CWE-284 CVE-2025-24429: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of
nvd
CVE-2025-24430LOWCVSS 3.7fixed in 2.4.4v2.4.4+4 more2025-02-11
CVE-2025-24430 [LOW] CWE-367 CVE-2025-24430: Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affect Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypass
nvd
CVE-2024-49521HIGHCVSS 7.7fixed in 3.2.62024-11-12
CVE-2024-49521 [HIGH] CWE-918 CVE-2024-49521: Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulne Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as f
nvd
← Previous4 / 10Next →