CVE-2025-24423

Summary

CVE-2025-24423 is a newly identified vulnerability affecting Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and earlier. This issue involves Improper Access Control, which can lead to Privilege escalation. A low-privileged attacker can exploit this vulnerability without user interaction to bypass security measures and unauthorizedly access higher levels of system functionality. The potential impact is significant as it allows an attacker to gain more control and potentially cause further damage to the affected system. Users of the affected versions are strongly encouraged to apply the necessary patches as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.