CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49556 – Adobe Commerce | Incorrect Authorization (CWE-863)
https://notcve.org/view.php?id=CVE-2025-49556
12 Aug 2025 — Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged. • https://helpx.adobe.com/security/products/magento/apsb25-71.html • CWE-863: Incorrect Authorization •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49557 – Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
https://notcve.org/view.php?id=CVE-2025-49557
12 Aug 2025 — Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be used to escalate privileges within the application or compromise sensitive user data. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. ... • https://helpx.adobe.com/security/products/magento/apsb25-71.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49558 – Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
https://notcve.org/view.php?id=CVE-2025-49558
12 Aug 2025 — Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb25-71.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49554 – Adobe Commerce | Improper Input Validation (CWE-20)
https://notcve.org/view.php?id=CVE-2025-49554
12 Aug 2025 — Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb25-71.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49559 – Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
https://notcve.org/view.php?id=CVE-2025-49559
12 Aug 2025 — Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb25-71.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49555 – Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)
https://notcve.org/view.php?id=CVE-2025-49555
12 Aug 2025 — Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a mali... • https://helpx.adobe.com/security/products/magento/apsb25-71.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49550 – Adobe Commerce | Incorrect Authorization (CWE-863)
https://notcve.org/view.php?id=CVE-2025-49550
25 Jun 2025 — Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction. • https://helpx.adobe.com/security/products/magento/apsb25-50.html • CWE-863: Incorrect Authorization •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49549 – Adobe Commerce | Incorrect Authorization (CWE-863)
https://notcve.org/view.php?id=CVE-2025-49549
25 Jun 2025 — Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb25-50.html • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27206 – Adobe Commerce | Improper Access Control (CWE-284)
https://notcve.org/view.php?id=CVE-2025-27206
10 Jun 2025 — Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb25-50.html • CWE-284: Improper Access Control •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43586 – Adobe Commerce | Improper Access Control (CWE-284)
https://notcve.org/view.php?id=CVE-2025-43586
10 Jun 2025 — Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized elevated access. Exploitation of this issue does not require user interaction. • https://helpx.adobe.com/security/products/magento/apsb25-50.html • CWE-284: Improper Access Control •