PT-2025-42197 · Adobe · Commerce

Published: 2025-10-14 · Updated: 2025-10-20 · CVE-2025-54263

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Adobe Commerce versions 2.4.4 through 2.4.9-alpha2

Description

A low-privileged attacker could bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction. The issue is related to incorrect authorization and improper access control, potentially allowing access to sensitive data and actions.

Recommendations

Update Adobe Commerce to a version later than 2.4.9-alpha2.
Update Adobe Commerce to a version later than 2.4.8-p2.
Update Adobe Commerce to a version later than 2.4.7-p7.
Update Adobe Commerce to a version later than 2.4.6-p12.
Update Adobe Commerce to a version later than 2.4.5-p14.
Update Adobe Commerce to a version later than 2.4.4-p15.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-54263
GHSA-69X9-XP2J-W8G8

Affected Products

Commerce