PT-2025-15423 · Shopware · Shopware
Bsmietana · Published 2025-04-08 · Updated 2025-04-08
CVE-2025-30151
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Shopware versions prior to 6.6.10.3
Shopware versions prior to 6.5.8.17
Description:
The issue allows an attacker to cause a Denial of Service by submitting long passwords through Storefront forms or the Store-API.
Recommendations:
For versions prior to 6.6.10.3, update to version 6.6.10.3 or later.
For versions prior to 6.5.8.17, update to version 6.5.8.17 or later.
For older versions of 6.4, install the corresponding security plugin.
As a general recommendation, updating to the latest Shopware version is advised for the full range of functions.
Exploit
Fix
DoS
RCE
Affected Products
Shopware