CVE-2025-24425
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published: Feb 11, 2025
Updated: Feb 27, 2025
CWE ID 840
Summary
CVE-2025-24425 is a Business Logic Error vulnerability affecting Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and earlier. An attacker can bypass security mechanisms by manipulating the application's logic, gaining limited data modification access; exploitation does not require user interaction. The vulnerability could enable unintended actions and data modification, posing a significant risk to affected systems. Adobe Commerce users are strongly advised to apply the available patches or updates to mitigate this threat.
Affected Products
- Adobe Commerce
Affected Vendors
- Adobe