CVE-2025-49554
Magento vulnerable to denial of service
7.5
HIGH
CVSS 3.1
EPSS 0.29%
Description
Magento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.
How to fix CVE-2025-49554
To remediate CVE-2025-49554, upgrade the affected package to a fixed version below.
- —upgrade to 2.4.9-alpha2 or later
- —no fix listed
Is CVE-2025-49554 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 2.4.9-alpha1, < 2.4.9-alpha2
- from 0, <= 2.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |