CRITICAL🇵🇱 Wersja polska

CVE-2025-24434

CVSS 9.1v3.1pub. 2025-02-11upd. 2025-04-16

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Adobe Commerce

    APP
    Adobe
    2.4.42.4.52.4.62.4.72.4.8
  • Adobe Commerce B2b

    APP
    Adobe
    1.3.31.3.41.3.51.4.21.5.0
  • Adobe Magento

    APP
    Adobe
    2.4.42.4.52.4.62.4.72.4.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-54236CRITICAL9.1⚠ KEVPL ✓ten sam produkt

Adobe Commerce/Magento — przejęcie sesji przez Improper Input Validation

CVE-2024-34102CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Krytyczna podatność XXE w Adobe Commerce umożliwiająca RCE

CVE-2022-24086CRITICAL9.8⚠ KEVten sam produkt

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input va...

CVE-2024-45115CRITICAL9.8PL ✓ten sam produkt

Adobe Commerce — nieprawidłowe uwierzytelnienie umożliwiające privilege escalation

CVE-2024-39397CRITICAL9.0PL ✓ten sam produkt

Adobe Commerce — RCE poprzez nieograniczony upload niebezpiecznych plików