CVE-2025-49550
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-07-24
Assigner: Adobe Systems Incorporated
Description
Description
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | commerce_b2b | to 1.3.3 (exc) |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.5.2 |
| adobe | commerce | to 2.4.4 (exc) |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.8 |
| adobe | commerce | 2.4.8 |
| adobe | commerce | 2.4.8 |
| adobe | magento | to 2.4.5 (exc) |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.8 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Authorization issue in certain versions of Adobe Commerce. It allows an attacker to bypass security features and gain limited unauthorized access. Exploiting this vulnerability requires user interaction.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to bypass security measures and gain limited unauthorized access, potentially exposing some sensitive information or functionality that should be restricted.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70