CVE-2025-49549

Опубликовано: 25 июн. 2025

Источник: nvd

CVSS3: 2.7

EPSS Низкий

Описание

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction.

Ссылки

https://helpx.adobe.com/security/products/magento/apsb25-50.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*

Версия до 1.3.3 (исключая)

cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*:*

Версия до 2.4.4 (исключая)

cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:adobe:magento:*:*:*:*:open_source:*:*:*

Версия до 2.4.5 (исключая)

cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*

EPSS

Процентиль: 24%

0.00077

Низкий

2.7 Low

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-85jx-x9r4-45m2

CVSS3: 2.7

github

3 месяца назад

BDU:2025-08185

CVSS3: 2.7

fstec

3 месяца назад

Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source, Adobe Commerce и Adobe Commerce B2B, связанная с отсутствием авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 24%

0.00077

Низкий

2.7 Low

CVSS3

Дефекты

CWE-863