CVE-2025-30152
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2025-30152 is a vulnerability affecting the Sylius PayPal Plugin before versions 1.6.2, 1.7.2, and 2.0.2. This plugin, developed by the Sylius Core Team, is used for integrating PayPal Commerce Platform into Sylius. The issue permits users to alter their shopping cart after completing the PayPal checkout process and payment authorization. By doing so, users can manipulate cart contents before finalizing the order, leading to discrepancies between the order amount in Sylius and the actual amount captured by PayPal. This can result in merchants delivering products or services without receiving full payment. The vulnerability is resolved in versions 1.6.2, 1.7.2, 2.0.2, and subsequent releases.
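For merchants who ran an affected version, the discrepancy described above can be checked after the fact by reconciling order totals against PayPal captures. The following is an added example, not code from Sylius or the plugin: the record layout, field names and sample data are constructed assumptions, the input is assumed to contain only orders marked as paid via PayPal, and all currencies are assumed to use two decimal places.

```python
from decimal import Decimal

# Constructed sample export; field names are assumptions for this example.
ORDERS = [
    {"number": "000001", "total_minor": 4999, "currency": "USD"},
    {"number": "000002", "total_minor": 12500, "currency": "USD"},
    {"number": "000003", "total_minor": 2000, "currency": "EUR"},
    {"number": "000004", "total_minor": 1500, "currency": "USD"},
]
CAPTURES = [
    {"order": "000001", "value": "49.99", "currency": "USD"},
    {"order": "000002", "value": "25.00", "currency": "USD"},  # order total grew after authorization
    {"order": "000003", "value": "20.00", "currency": "USD"},  # captured in a different currency
]


def to_minor(value, exponent=2):
    """Convert a decimal amount string such as "49.99" to integer minor units."""
    return int((Decimal(value) * (10 ** exponent)).to_integral_exact())


def find_underpaid(orders, captures):
    """Return (number, expected, captured, shortfall) for orders not fully captured.

    Captures are summed per (order, currency), so several partial captures
    count together and a capture in another currency does not count at all.
    """
    captured = {}
    for c in captures:
        key = (c["order"], c["currency"])
        captured[key] = captured.get(key, 0) + to_minor(c["value"])

    findings = []
    for o in orders:
        paid = captured.get((o["number"], o["currency"]), 0)
        if paid < o["total_minor"]:
            findings.append(
                (o["number"], o["total_minor"], paid, o["total_minor"] - paid)
            )
    return findings


if __name__ == "__main__":
    for number, expected, paid, shortfall in find_underpaid(ORDERS, CAPTURES):
        print(f"order {number}: expected {expected}, captured {paid}, short {shortfall}")
```

Any order it reports should be reviewed before fulfilment; a shortfall equal to the full total means no matching capture was found in the order's currency.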