CVE-2025-24409

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier

Description: The issue is related to an improper authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to bypass security measures and gain unauthorized access, affecting both confidentiality and integrity. The exploitation of this issue does not require user interaction. A remote attacker could leverage this vulnerability to bypass security restrictions and gain unauthorized access to protected information.

Recommendations: For Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, update to a version that includes the fix for this improper authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.