CVE-2025-24406

Опубликовано: 11 фев. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction.

Ссылки

https://helpx.adobe.com/security/products/magento/apsb25-08.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*

Версия до 2.4.4 (исключая)

cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*

Версия до 1.3.3 (исключая)

cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*

Версия до 2.4.4 (исключая)

cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*

EPSS

Процентиль: 81%

0.016

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-954p-ff72-327w

CVSS3: 7.5

github

12 месяцев назад

Adobe Commerce Path Traversal

BDU:2025-01487

CVSS3: 7.5

fstec

около 1 года назад

Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source, Adobe Commerce и Adobe Commerce B2B, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю получить доступ на изменение произвольных файлов

EPSS

Процентиль: 81%

0.016

Низкий

7.5 High

CVSS3

Дефекты

CWE-22