Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Adobe |
|
Configuration 1 [-]
|
No data.
References
History
Wed, 30 Apr 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Adobe
Adobe commerce B2b |
|
| CPEs | cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.5.1:*:*:*:*:*:*:* |
|
| Vendors & Products |
Adobe
Adobe commerce B2b |
Tue, 08 Apr 2025 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 08 Apr 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website. | |
| Title | Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352) | |
| Weaknesses | CWE-352 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2025-04-08T20:17:09.000Z
Updated: 2025-04-08T21:01:36.306Z
Reserved: 2025-02-19T22:28:19.020Z
Link: CVE-2025-27189
Vulnrichment
Updated: 2025-04-08T20:55:43.281Z
NVD
Status : Analyzed
Published: 2025-04-08T21:15:50.567
Modified: 2025-04-30T14:59:09.547
Link: CVE-2025-27189
Redhat
No data.