5.9
CVE-2025-49558
- EPSS 0.18%
- Published 12.08.2025 18:15:29
- Last modified 15.08.2025 15:40:51
- Source psirt@adobe.com
- Teams watchlist Login
- Open Login
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Adobe ≫ Commerce B2b Update- Version < 1.3.3
Adobe ≫ Commerce B2b Version1.3.3 Update-
Adobe ≫ Commerce B2b Version1.3.3 Updatep1
Adobe ≫ Commerce B2b Version1.3.3 Updatep10
Adobe ≫ Commerce B2b Version1.3.3 Updatep11
Adobe ≫ Commerce B2b Version1.3.3 Updatep12
Adobe ≫ Commerce B2b Version1.3.3 Updatep13
Adobe ≫ Commerce B2b Version1.3.3 Updatep14
Adobe ≫ Commerce B2b Version1.3.3 Updatep2
Adobe ≫ Commerce B2b Version1.3.3 Updatep3
Adobe ≫ Commerce B2b Version1.3.3 Updatep4
Adobe ≫ Commerce B2b Version1.3.3 Updatep5
Adobe ≫ Commerce B2b Version1.3.3 Updatep6
Adobe ≫ Commerce B2b Version1.3.3 Updatep7
Adobe ≫ Commerce B2b Version1.3.3 Updatep8
Adobe ≫ Commerce B2b Version1.3.3 Updatep9
Adobe ≫ Commerce B2b Version1.3.4 Update-
Adobe ≫ Commerce B2b Version1.3.4 Updatep1
Adobe ≫ Commerce B2b Version1.3.4 Updatep10
Adobe ≫ Commerce B2b Version1.3.4 Updatep11
Adobe ≫ Commerce B2b Version1.3.4 Updatep12
Adobe ≫ Commerce B2b Version1.3.4 Updatep13
Adobe ≫ Commerce B2b Version1.3.4 Updatep2
Adobe ≫ Commerce B2b Version1.3.4 Updatep3
Adobe ≫ Commerce B2b Version1.3.4 Updatep4
Adobe ≫ Commerce B2b Version1.3.4 Updatep5
Adobe ≫ Commerce B2b Version1.3.4 Updatep6
Adobe ≫ Commerce B2b Version1.3.4 Updatep7
Adobe ≫ Commerce B2b Version1.3.4 Updatep8
Adobe ≫ Commerce B2b Version1.3.4 Updatep9
Adobe ≫ Commerce B2b Version1.3.5 Update-
Adobe ≫ Commerce B2b Version1.3.5 Updatep1
Adobe ≫ Commerce B2b Version1.3.5 Updatep10
Adobe ≫ Commerce B2b Version1.3.5 Updatep11
Adobe ≫ Commerce B2b Version1.3.5 Updatep2
Adobe ≫ Commerce B2b Version1.3.5 Updatep3
Adobe ≫ Commerce B2b Version1.3.5 Updatep4
Adobe ≫ Commerce B2b Version1.3.5 Updatep5
Adobe ≫ Commerce B2b Version1.3.5 Updatep6
Adobe ≫ Commerce B2b Version1.3.5 Updatep7
Adobe ≫ Commerce B2b Version1.3.5 Updatep8
Adobe ≫ Commerce B2b Version1.3.5 Updatep9
Adobe ≫ Commerce B2b Version1.4.2 Update-
Adobe ≫ Commerce B2b Version1.4.2 Updatep1
Adobe ≫ Commerce B2b Version1.4.2 Updatep2
Adobe ≫ Commerce B2b Version1.4.2 Updatep3
Adobe ≫ Commerce B2b Version1.4.2 Updatep4
Adobe ≫ Commerce B2b Version1.4.2 Updatep5
Adobe ≫ Commerce B2b Version1.4.2 Updatep6
Adobe ≫ Commerce B2b Version1.5.2 Update-
Adobe ≫ Commerce B2b Version1.5.2 Updatep1
Adobe ≫ Commerce B2b Version1.5.3 Updatealpha1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.394 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@adobe.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.