VYPR
High severityNVD Advisory· Published Apr 15, 2025· Updated Apr 16, 2025

CVE-2025-27892

CVE-2025-27892

Description

Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
shopware/corePackagist
>= 6.7.0.0-rc1, < 6.7.0.0-rc26.7.0.0-rc2
shopware/platformPackagist
>= 6.7.0.0-rc1, < 6.7.0.0-rc26.7.0.0-rc2
shopware/corePackagist
>= 6.6.0.0, < 6.6.10.36.6.10.3
shopware/platformPackagist
>= 6.6.0.0, < 6.6.10.36.6.10.3
shopware/corePackagist
< 6.5.8.186.5.8.18
shopware/platformPackagist
< 6.5.8.186.5.8.18

Affected products

3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.