CVE-2025-24420

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 11, 2025

Updated: Feb 27, 2025

CWE ID 863

Summary

CVE-2025-24420 is a newly disclosed Incorrect Authorization vulnerability affecting Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, and earlier. This issue allows a low-privileged attacker to bypass security features and perform actions that weren't granted to them. Notably, user interaction is not required to exploit this vulnerability. This vulnerability poses a significant risk to organizations using the affected Adobe Commerce versions and should be addressed promptly by applying the available patches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe Commerce

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2q5vk3
https://www.cve.org/CVERecord?id=CVE-2025-24420
https://nvd.nist.gov/vuln/detail/CVE-2025-24420

Back to Vulnerability Database