CVE-2025-24434

CRITICAL9.1EPSS 0.21%

Improper Authorization vulnerability in Magento and Adobe Commerce

發布日:2025/2/11修改日:2025/2/28

描述

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

受影響套件(2)

Packagist/magento/community-edition>= 2.4.8-beta1, < 2.4.8-beta2
Packagist/magento/project-community-editionfrom 0, <= 2.0.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-24434
PATCHhttps://github.com/magento/magento2
WEBhttps://helpx.adobe.com/security/products/magento/apsb25-08.html