CVE-2025-24436

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.7-beta1 through 2.4.7-p3 Adobe Commerce versions 2.4.6-p8 Adobe Commerce versions 2.4.5-p10 Adobe Commerce versions 2.4.4-p11 and earlier

Description The issue is related to an Improper Access Control vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

Recommendations For Adobe Commerce versions 2.4.7-beta1 through 2.4.7-p3, update to a version that fixes the Improper Access Control vulnerability. For Adobe Commerce versions 2.4.6-p8, update to a version that fixes the Improper Access Control vulnerability. For Adobe Commerce versions 2.4.5-p10, update to a version that fixes the Improper Access Control vulnerability. For Adobe Commerce versions 2.4.4-p11 and earlier, update to a version that fixes the Improper Access Control vulnerability. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.