PT-2025-15647 · Adobe · Commerce
Published: 2025-04-08 · Updated: 2025-04-30 · CVE-2025-27189
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p4 through 2.4.8-beta2 and earlier

Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation requires user interaction, typically clicking a malicious link or visiting an attacker-controlled website; the CVSS vector's Au:N reflects that the attacker needs no account of their own, not that the victim is unauthenticated.

Recommendations: For Adobe Commerce versions 2.4.7-p4 and earlier, update to a version later than 2.4.8-beta2 to resolve the issue. For Adobe Commerce version 2.4.8-beta2 and earlier, update to a version later than 2.4.8-beta2 to resolve the issue. As a temporary workaround, consider restricting access to the application to minimize the risk of exploitation.

Tags: Fix · DoS · CSRF
Related Identifiers: BDU:2025-04783, CVE-2025-27189

Affected Products: Commerce