CVE-2025-30151
HIGH7.5EPSS 0.80%Shopware allows Denial Of Service via password length
Published: 4/8/2025Modified: 4/8/2025
Description
### Impact It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. ### Patches Update to Shopware 6.6.10.3 or 6.5.8.17 ### Workarounds For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
Affected packages (2)
- Packagist/shopware/core>= 6.6.0.0, < 6.6.10.3
- Packagist/shopware/platform>= 6.6.0.0, < 6.6.10.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-30151
- PATCHhttps://github.com/shopware/shopware
- WEBhttps://github.com/shopware/shopware/releases/tag/v6.5.8.17
- WEBhttps://github.com/shopware/shopware/releases/tag/v6.6.10.3
- WEBhttps://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
- WEBhttps://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2