PT-2025-32864 · Adobe · Commerce

Published: 2025-08-12 · Updated: 2025-08-15 · CVE-2025-49555

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.9-alpha1 through 2.4.4-p14
Description: Adobe Commerce is affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. An attacker with elevated privileges could trick a victim into performing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction, such as visiting a malicious website or clicking on a crafted link.
Recommendations:
Adobe Commerce version 2.4.9-alpha1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Adobe Commerce version 2.4.8-p1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Adobe Commerce version 2.4.7-p6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Adobe Commerce version 2.4.6-p11: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Adobe Commerce version 2.4.5-p13: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Adobe Commerce version 2.4.4-p14: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Adobe Commerce versions prior to 2.4.4-p14: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

CSRF

Weakness Enumeration

Related Identifiers

BDU:2025-10818
CVE-2025-49555
GHSA-5777-JJ7P-MPQW

Affected Products

Commerce