CVE-2025-54264

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.4 through 2.4.9-alpha2

Description A stored Cross-Site Scripting (XSS) issue exists in Adobe Commerce that could allow a high-privileged attacker to inject malicious scripts into vulnerable form fields. Successful exploitation can lead to session takeover, impacting confidentiality and integrity. Exploitation requires user interaction, specifically a victim browsing to a page containing the vulnerable field.

Recommendations Update Adobe Commerce versions prior to 2.4.4. Update Adobe Commerce version 2.4.4. Update Adobe Commerce version 2.4.5-p14. Update Adobe Commerce version 2.4.6-p12. Update Adobe Commerce version 2.4.7-p7. Update Adobe Commerce version 2.4.8-p2. Update Adobe Commerce version 2.4.9-alpha2.