CVE-2025-61924
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-16
Last updated on: 2025-12-29
Assigner: GitHub, Inc.
Description
Description
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP array_search(). The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| prestashop | prestashop_checkout | to 7.4.4.1 (exc) |
| prestashop | prestashop_checkout | From 7.5.0.1 (inc) to 7.5.0.5 (exc) |
| prestashop | prestashop_checkout | From 8.3.1.0 (inc) to 8.4.4.1 (exc) |
| prestashop | prestashop_checkout | From 8.5.0.0 (inc) to 8.5.0.5 (exc) |
| prestashop | prestashop_checkout | From 9.4.3.1 (inc) to 9.5.0.5 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-184 | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete. |
