PT-2025-32863 · Adobe · Commerce
Published
2025-08-12
·
Updated
2025-08-15
·
CVE-2025-49554
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
Adobe Commerce versions 2.4.9-alpha1 through 2.4.4-p14 and earlier
Description:
Adobe Commerce is affected by an improper input validation issue that could lead to a denial-of-service (DoS). An attacker could exploit this issue by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.
Recommendations:
Adobe Commerce versions prior to 2.4.9-alpha1 should be updated.
Adobe Commerce version 2.4.8-p1 should be updated.
Adobe Commerce version 2.4.7-p6 should be updated.
Adobe Commerce version 2.4.6-p11 should be updated.
Adobe Commerce version 2.4.5-p13 should be updated.
Adobe Commerce version 2.4.4-p14 should be updated.
Fix
DoS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Commerce