CVE-2025-61923
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-16

Last updated on: 2025-12-29

Assigner: GitHub, Inc.

Description
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-16
Last Modified
2025-12-29
Generated
2026-06-16
AI Q&A
2025-10-16
EPSS Evaluated
2026-06-14
NVD
CVE-2025-61923
EUVD
EUVD-2025-34789
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
prestashop prestashop_checkout to 7.4.4.1 (exc)
prestashop prestashop_checkout From 7.5.0.1 (inc) to 7.5.0.5 (exc)
prestashop prestashop_checkout From 8.3.1.0 (inc) to 8.4.4.1 (exc)
prestashop prestashop_checkout From 8.5.0.0 (inc) to 8.5.0.5 (exc)
prestashop prestashop_checkout From 9.4.3.1 (inc) to 9.5.0.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the PrestaShop Checkout module (official payment module partnered with PayPal) in versions prior to 4.4.1 and 5.0.5. The backoffice component lacks proper validation on input, which allows an attacker to perform directory traversal and disclose arbitrary files on the system. This means an attacker can potentially access files they should not be able to, by manipulating input paths.

Impact Analysis

The vulnerability can allow an attacker with high privileges to access sensitive files on the server by exploiting the directory traversal flaw. This could lead to unauthorized disclosure of information, potentially exposing confidential data or configuration files, which may compromise the security of the system.

Mitigation Strategies

Upgrade PrestaShop Checkout to version 4.4.1 or 5.0.5 or later, as these versions contain the fix for the directory traversal and arbitrary file disclosure vulnerability. No known workarounds exist.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61923. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart