CVE-2025-24425

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier

Description The issue is a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations, causing limited data modification. Exploitation of this issue does not require user interaction.

Recommendations For Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, update to a version that includes a fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.