8.2

CVE-2025-43585

Media report

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Data is provided by the National Vulnerability Database (NVD)
AdobeCommerce Version2.4.4 Update-
AdobeCommerce Version2.4.4 Updatep1
AdobeCommerce Version2.4.4 Updatep10
AdobeCommerce Version2.4.4 Updatep11
AdobeCommerce Version2.4.4 Updatep12
AdobeCommerce Version2.4.4 Updatep13
AdobeCommerce Version2.4.4 Updatep2
AdobeCommerce Version2.4.4 Updatep3
AdobeCommerce Version2.4.4 Updatep4
AdobeCommerce Version2.4.4 Updatep5
AdobeCommerce Version2.4.4 Updatep6
AdobeCommerce Version2.4.4 Updatep7
AdobeCommerce Version2.4.4 Updatep8
AdobeCommerce Version2.4.4 Updatep9
AdobeCommerce Version2.4.5 Update-
AdobeCommerce Version2.4.5 Updatep1
AdobeCommerce Version2.4.5 Updatep10
AdobeCommerce Version2.4.5 Updatep11
AdobeCommerce Version2.4.5 Updatep12
AdobeCommerce Version2.4.5 Updatep2
AdobeCommerce Version2.4.5 Updatep3
AdobeCommerce Version2.4.5 Updatep4
AdobeCommerce Version2.4.5 Updatep5
AdobeCommerce Version2.4.5 Updatep6
AdobeCommerce Version2.4.5 Updatep7
AdobeCommerce Version2.4.5 Updatep8
AdobeCommerce Version2.4.5 Updatep9
AdobeCommerce Version2.4.6 Update-
AdobeCommerce Version2.4.6 Updatep1
AdobeCommerce Version2.4.6 Updatep10
AdobeCommerce Version2.4.6 Updatep2
AdobeCommerce Version2.4.6 Updatep3
AdobeCommerce Version2.4.6 Updatep4
AdobeCommerce Version2.4.6 Updatep5
AdobeCommerce Version2.4.6 Updatep6
AdobeCommerce Version2.4.6 Updatep7
AdobeCommerce Version2.4.6 Updatep8
AdobeCommerce Version2.4.6 Updatep9
AdobeCommerce Version2.4.7 Update-
AdobeCommerce Version2.4.7 Updateb1
AdobeCommerce Version2.4.7 Updateb2
AdobeCommerce Version2.4.7 Updatebeta3
AdobeCommerce Version2.4.7 Updatep1
AdobeCommerce Version2.4.7 Updatep2
AdobeCommerce Version2.4.7 Updatep3
AdobeCommerce Version2.4.7 Updatep4
AdobeCommerce Version2.4.7 Updatep5
AdobeCommerce Version2.4.8 Update-
AdobeCommerce B2b Version1.3.3 Update-
AdobeCommerce B2b Version1.3.3 Updatep10
AdobeCommerce B2b Version1.3.3 Updatep11
AdobeCommerce B2b Version1.3.3 Updatep12
AdobeCommerce B2b Version1.3.3 Updatep13
AdobeCommerce B2b Version1.3.4 Update-
AdobeCommerce B2b Version1.3.4 Updatep10
AdobeCommerce B2b Version1.3.4 Updatep11
AdobeCommerce B2b Version1.3.4 Updatep12
AdobeCommerce B2b Version1.3.4 Updatep9
AdobeCommerce B2b Version1.3.5 Update-
AdobeCommerce B2b Version1.3.5 Updatep10
AdobeCommerce B2b Version1.3.5 Updatep7
AdobeCommerce B2b Version1.3.5 Updatep8
AdobeCommerce B2b Version1.3.5 Updatep9
AdobeCommerce B2b Version1.4.2 Update-
AdobeCommerce B2b Version1.4.2 Updatep1
AdobeCommerce B2b Version1.4.2 Updatep2
AdobeCommerce B2b Version1.4.2 Updatep3
AdobeCommerce B2b Version1.4.2 Updatep4
AdobeCommerce B2b Version1.4.2 Updatep5
AdobeCommerce B2b Version1.5.2 Update-
AdobeMagento Version2.4.5 Update- SwEditionopen_source
AdobeMagento Version2.4.5 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep10 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep11 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep12 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep6 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep7 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep8 SwEditionopen_source
AdobeMagento Version2.4.5 Updatep9 SwEditionopen_source
AdobeMagento Version2.4.6 Update- SwEditionopen_source
AdobeMagento Version2.4.6 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep10 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep6 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep7 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep8 SwEditionopen_source
AdobeMagento Version2.4.6 Updatep9 SwEditionopen_source
AdobeMagento Version2.4.7 Update- SwEditionopen_source
AdobeMagento Version2.4.7 Updateb1 SwEditionopen_source
AdobeMagento Version2.4.7 Updateb2 SwEditionopen_source
AdobeMagento Version2.4.7 Updatebeta3 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep1 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep2 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep3 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep4 SwEditionopen_source
AdobeMagento Version2.4.7 Updatep5 SwEditionopen_source
AdobeMagento Version2.4.8 Update- SwEditionopen_source
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.09% 0.262
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
psirt@adobe.com 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.