Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-24418

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

Published

2025-02-11T18:15:43.527

Last Modified

2025-03-05T18:34:52.020

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-285
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adobe	commerce_b2b	< 1.3.3	Yes
Application	adobe	commerce_b2b	1.3.3	Yes
Application	adobe	commerce_b2b	1.3.3	Yes
Application	adobe	commerce_b2b	1.3.3	Yes
Application	adobe	commerce_b2b	1.3.4	Yes
Application	adobe	commerce_b2b	1.3.4	Yes
Application	adobe	commerce_b2b	1.3.4	Yes
Application	adobe	commerce_b2b	1.3.5	Yes
Application	adobe	commerce_b2b	1.3.5	Yes
Application	adobe	commerce_b2b	1.3.5	Yes
Application	adobe	commerce_b2b	1.4.2	Yes
Application	adobe	commerce_b2b	1.4.2	Yes
Application	adobe	commerce_b2b	1.4.2	Yes
Application	adobe	commerce_b2b	1.4.2	Yes
Application	adobe	commerce_b2b	1.5.0	Yes

References

https://helpx.adobe.com/security/products/magento/apsb25-08.html Vendor Advisory ([email protected])