CVE-2025-24420

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.7-beta1 through 2.4.4-p11 and earlier

Description The issue is related to an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to perform actions with permissions that were not granted. Exploitation of this issue does not require user interaction.

Recommendations For versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, and 2.4.4-p11, update to a version that includes the fix for this vulnerability. For earlier versions, update to the latest version that includes the fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.