PT-2026-6549 · Unknown · Prestashop

Lam Yiu Tung · Published 2026-02-03 · Updated 2026-02-11 · CVE-2026-25597

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PrestaShop versions prior to 8.2.4
PrestaShop versions prior to 9.0.3

Description

PrestaShop contains a time-based user enumeration issue in its user authentication functionality. An attacker can determine if a customer account exists by observing response times. The vulnerable functionality does not involve any API endpoints or specific parameters. The authenticate() function is affected.

Recommendations

Update to PrestaShop version 8.2.4 or later.
Update to PrestaShop version 9.0.3 or later.

Related Identifiers

BIT-PRESTASHOP-2026-25597
CVE-2026-25597
GHSA-67V7-3G49-MXH2

Affected Products

Prestashop