PT-2025-42514 · Unknown · Prestashop Checkout

Inem0O · Published 2025-10-16 · Updated 2026-02-17 · CVE-2025-61922

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

PrestaShop Checkout versions 1.3.0 through 4.4.0
PrestaShop Checkout versions 5.0.0 through 5.0.4
Description

The PrestaShop Checkout module, used in partnership with PayPal, contains a flaw in its Express Checkout feature. Missing validation in that flow allows a silent login, which can lead to account takeover using only an email address. The issue affects versions starting from 1.3.0. There are reports of a zero-click account takeover vulnerability: an attacker can bypass authentication entirely and gain unauthorized access to customer accounts.
Recommendations

Update to PrestaShop Checkout version 4.4.1 for PrestaShop 1.7 (build number 7.4.4.1).
Update to PrestaShop Checkout version 4.4.1 for PrestaShop 8 (build number 8.4.4.1).
Update to PrestaShop Checkout version 5.0.5 for PrestaShop 1.7 (build number 7.5.0.5).
Update to PrestaShop Checkout version 5.0.5 for PrestaShop 8 (build number 8.5.0.5).
Update to PrestaShop Checkout version 5.0.5 for PrestaShop 9 (build number 9.5.0.5).

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2025-61922
GHSA-54HQ-MF6H-48XH

Affected Products

Prestashop Checkout