CVE-2025-49556

Опубликовано: 12 авг. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged.

Ссылки

https://helpx.adobe.com/security/products/magento/apsb25-71.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adobe:commerce:*:-:*:*:*:*:*:*

Версия до 2.4.4 (исключая)

cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:adobe:commerce_b2b:*:-:*:*:*:*:*:*

Версия до 1.3.3 (исключая)

cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*

cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:adobe:magento:*:-:*:*:open_source:*:*:*

Версия до 2.4.5 (исключая)

cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*

cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*

EPSS

Процентиль: 34%

0.00139

Низкий

7.5 High

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-7hrj-3c9x-xv5h

CVSS3: 7.5

github

6 месяцев назад

Magento has incorrect authorization issue that leads to arbitrary file system read

BDU:2025-10814

CVSS3: 7.5

fstec

6 месяцев назад

Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source, Adobe Commerce и Adobe Commerce B2B, связанная c недостатками процедуры авторизации, позволяющая нарушителю читать произвольные файлы

EPSS

Процентиль: 34%

0.00139

Низкий

7.5 High

CVSS3

Дефекты

CWE-863