Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.
History

Tue, 10 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 10 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Description Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.
Title Adobe Commerce | Improper Access Control (CWE-284)
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2025-06-10T16:08:54.961Z

Updated: 2025-06-11T04:01:34.905Z

Reserved: 2025-02-19T22:28:19.025Z

Link: CVE-2025-27207

cve-icon Vulnrichment

Updated: 2025-06-10T16:25:04.785Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-10T16:15:36.433

Modified: 2025-06-12T16:06:39.330

Link: CVE-2025-27207

cve-icon Redhat

No data.