Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-49559

Опубликовано: 12 авг. 2025
Источник: nvd
CVSS3: 5.3
EPSS Низкий

Описание

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adobe:commerce:*:-:*:*:*:*:*:*
Версия до 2.4.4 (исключая)
cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:adobe:magento:*:-:*:*:open_source:*:*:*
Версия до 2.4.5 (исключая)
cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:adobe:commerce_b2b:*:-:*:*:*:*:*:*
Версия до 1.3.3 (исключая)
cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*

EPSS

Процентиль: 48%
0.00253
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

github логотип

GHSA-h4f4-gv6h-x824

CVSS3: 5.3
github
6 месяцев назад

Magento vulnerable to path traversal

fstec логотип

BDU:2025-09897

CVSS3: 5.3
fstec
6 месяцев назад

Уязвимость программных платформ для разработки и управления онлайн магазинами Magento Open Source, Adobe Commerce и Adobe Commerce B2B, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 48%
0.00253
Низкий

5.3 Medium

CVSS3

Дефекты

CWE-22
Уязвимость CVE-2025-49559