Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.
Metrics
Affected Vendors & Products
References
History
Tue, 10 Jun 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Jun 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. | |
Title | Adobe Commerce | Improper Access Control (CWE-284) | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: adobe
Published: 2025-06-10T16:08:54.961Z
Updated: 2025-06-11T04:01:34.905Z
Reserved: 2025-02-19T22:28:19.025Z
Link: CVE-2025-27207

Updated: 2025-06-10T16:25:04.785Z

Status : Awaiting Analysis
Published: 2025-06-10T16:15:36.433
Modified: 2025-06-12T16:06:39.330
Link: CVE-2025-27207

No data.