CVE-2025-27192

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction.

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/magento/apsb25-26.html

Configurations

No configuration.

History

09 Apr 2025, 20:02

Type	Values Removed	Values Added
Summary		(es) Las versiones 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Credenciales Insuficientemente Protegidas que podría provocar la omisión de una función de seguridad. Un atacante con privilegios elevados podría explotar esta vulnerabilidad para obtener acceso no autorizado a recursos protegidos mediante la obtención de información confidencial de credenciales. Para explotar este problema, no se requiere la interacción del usuario.

08 Apr 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-08 21:15

Updated : 2025-04-09 20:02

NVD link : CVE-2025-27192

Mitre link : CVE-2025-27192

CVE.ORG link : CVE-2025-27192

JSON object : View

Products Affected

No product.

CWE

CWE-522

Insufficiently Protected Credentials

2.7 /10