CVE-2025-61924

EPSS 0.05%
Veröffentlicht 16.10.2025 17:33:49
Zuletzt bearbeitet 29.12.2025 20:06:15
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP array_search(). The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Prestashop ≫ Prestashop Checkout SwPlatformprestashop Version < 7.4.4.1

Prestashop ≫ Prestashop Checkout SwPlatformprestashop Version >= 7.5.0.1 < 7.5.0.5

Prestashop ≫ Prestashop Checkout SwPlatformprestashop Version >= 8.3.1.0 < 8.4.4.1

Prestashop ≫ Prestashop Checkout SwPlatformprestashop Version >= 8.5.0.0 < 8.5.0.5

Prestashop ≫ Prestashop Checkout SwPlatformprestashop Version >= 9.4.3.1 < 9.5.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.162

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	3.8	1.2	2.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWE-184 Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

https://github.com/PrestaShopCorp/ps_checkout/security/advisories/GHSA-wvpg-4wrh-5889

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-61924

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-61924

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-61924

EUVD