PT-2025-6368 · Adobe · Commerce
Published 2025-02-11 · Updated 2025-02-16 · CVE-2025-24434
CVSS v2.0: 9.7 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:P
Name of the Vulnerable Software and Affected Versions
Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier
Description
This issue is an Improper Authorization vulnerability that could result in privilege escalation. An attacker could leverage it to bypass security measures and gain unauthorized access. Exploitation does not require user interaction. A successful attacker can abuse it to achieve session takeover, which raises the confidentiality and integrity impact to high. Because the vulnerability enables unauthorized access without user interaction, it could lead to account takeover.
Recommendations
For Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier, update to a version that includes the fix from Adobe security bulletin APSB25-08.
At the moment, there is no information about other specific newer versions that contain a fix for this vulnerability.
Fix · LPE · Improper Authorization · Incorrect Authorization
Related Identifiers: CVE-2025-24434
Affected Products: Commerce