Vulnerabilities > CVE-2025-24437 - Incorrect Authorization vulnerability in Adobe Commerce and Commerce B2B

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
adobe
CWE-863
NVD
Published: 2025-02-11
Updated: 2025-04-16

Summary

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to view or modify select information. Exploitation of this issue does not require user interaction.

Vulnerable Configurations

Part Description Count
Application
Adobe
88

Common Weakness Enumeration (CWE)

References