CVE-2025-24424

Summary

CVE-2025-24424 is a recently disclosed vulnerability affecting Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, and earlier. This issue involves an Improper Access Control flaw, enabling a low-privileged attacker to bypass crucial security measures without the need for user interaction. This vulnerability could potentially grant unauthorized access to sensitive data or functionality, posing a significant risk to affected systems. Organizations using the impacted Adobe Commerce versions are strongly advised to apply available patches or updates as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.