CVE-2025-24425 – magento/community-edition

Package

Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.4.7-beta1 <2.4.7-p4 || >=2.4.6-p1 <2.4.6-p9 || >=2.4.5-p1 <2.4.5-p11 || >=0 <2.4.4-p12 || =2.4.7 || =2.4.6 || =2.4.5 || =2.4.4 || =2.4.8-beta1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00241 pctl0.47311

Details

Magento Business Logic Error vulnerability Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limited data modification. Exploitation of this issue does not require user interaction.

Metadata

Created: 2025-02-11T18:31:42Z
Modified: 2025-02-28T02:42:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-6ff8-jrfg-43hh/GHSA-6ff8-jrfg-43hh.json
CWE IDs: []
Alternative ID: GHSA-6ff8-jrfg-43hh
Finding: F115
Auto approve: 1