PT-2025-32866 · Adobe · Commerce
Published: 2025-08-12 · Updated: 2025-08-22 · CVE-2025-49557
CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Adobe Commerce versions 2.4.4-p14 and earlier
Adobe Commerce versions 2.4.5-p13
Adobe Commerce versions 2.4.6-p11
Adobe Commerce versions 2.4.7-p6
Adobe Commerce versions 2.4.8-p1
Adobe Commerce versions 2.4.9-alpha1
Description: The application is susceptible to a stored Cross-Site Scripting (XSS) issue. A low-privileged attacker could inject malicious scripts into vulnerable form fields, where they are persisted and later rendered to other users. Exploitation requires user interaction: a victim must browse to a page that renders the vulnerable field. These scripts may be used to escalate privileges or compromise sensitive user data.
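The following is an added example written for this page (it is not Adobe's code and not from the advisory): it shows, in plain PHP, the pattern that produces a stored XSS of the kind described, with the vulnerable rendering beside its hardened form. The form field name (`company_name`), the in-memory store, the submitted sample value and the small check function are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input: what a low-privileged user might submit in a form field.
const SUBMITTED_FIELD = 'Acme <script>alert(document.cookie)</script> Ltd';

// Simulated persistence (constructed). Storing the raw value is not the bug;
// the bug is emitting it into HTML later without encoding.
function storeField(array &$db, string $value): void
{
    $db['company_name'] = $value;
}

// Vulnerable rendering: raw string interpolation into HTML body context.
// Whatever was stored becomes markup in every victim's browser.
function renderVulnerable(array $db): string
{
    return '<p class="company">' . $db['company_name'] . '</p>';
}

// Contextual output encoding for HTML body and quoted-attribute contexts.
// ENT_QUOTES also encodes single quotes so the value is safe inside
// single-quoted attributes; ENT_SUBSTITUTE avoids returning an empty string
// on invalid UTF-8 (which would otherwise silently drop the field).
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened rendering: encode on output, and always quote attributes.
function renderSafe(array $db): string
{
    $name = escapeHtml($db['company_name']);
    return '<p class="company" title="' . $name . '">' . $name . '</p>';
}

// Detection helper (constructed): a review or regression test can assert that
// stored user input never reaches the page as an executable tag.
function containsRawScript(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$db = [];
storeField($db, SUBMITTED_FIELD);

$vulnerable = renderVulnerable($db);
$safe = renderSafe($db);

echo "Vulnerable output: $vulnerable\n";
echo "Hardened output:   $safe\n";
echo 'Vulnerable contains raw <script>: ' . var_export(containsRawScript($vulnerable), true) . "\n";
echo 'Hardened contains raw <script>:   ' . var_export(containsRawScript($safe), true) . "\n";
```

In a Magento/Adobe Commerce template the same rule applies, but the framework's own escaper (the `Magento\Framework\Escaper` object available as `$escaper` in templates, with `escapeHtml`, `escapeHtmlAttr`, `escapeUrl` and `escapeJs`) should be used instead of calling `htmlspecialchars` directly, so that the encoding matches the output context. The "store raw, encode on output" split is deliberate: input filtering alone cannot know which context the value will later be rendered in.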
Recommendations:
Update Adobe Commerce to a version later than 2.4.4-p14.
Update Adobe Commerce to a version later than 2.4.5-p13.
Update Adobe Commerce to a version later than 2.4.6-p11.
Update Adobe Commerce to a version later than 2.4.7-p6.
Update Adobe Commerce to a version later than 2.4.8-p1.
Update Adobe Commerce to a version later than 2.4.9-alpha1.

Fix

XSS

Weakness Enumeration

Related Identifiers:
BDU:2025-10817
CVE-2025-49557
GHSA-8MQ8-C243-2335

Affected Products: Commerce