CVE-2025-61922

EPSS 0.02%
Veröffentlicht 16.10.2025 17:26:14
Zuletzt bearbeitet 29.12.2025 20:06:13
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Prestashop ≫ Prestashop Checkout SwPlatformprestashop Version >= 1.3.0 < 7.4.4.1

Prestashop ≫ Prestashop Checkout SwPlatformprestashop Version >= 7.5.0.1 < 7.5.0.5

Prestashop ≫ Prestashop Checkout SwPlatformprestashop Version >= 8.3.1.0 < 8.4.4.1

Prestashop ≫ Prestashop Checkout SwPlatformprestashop Version >= 8.5.0.0 < 8.5.0.5

Prestashop ≫ Prestashop Checkout SwPlatformprestashop Version >= 9.4.3.1 < 9.5.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.03

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/PrestaShopCorp/ps_checkout/security/advisories/GHSA-54hq-mf6h-48xh

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-61922

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-61922

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-61922

EUVD