VYPR
High severityNVD Advisory· Published Aug 12, 2025· Updated Aug 13, 2025

Adobe Commerce | Incorrect Authorization (CWE-863)

CVE-2025-49556

Description

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
magento/project-community-editionPackagist
<= 2.0.2
magento/community-editionPackagist
>= 2.4.9-alpha1, < 2.4.9-alpha22.4.9-alpha2
magento/community-editionPackagist
>= 2.4.8-beta1, < 2.4.8-p22.4.8-p2
magento/community-editionPackagist
>= 2.4.7-beta1, < 2.4.7-p72.4.7-p7
magento/community-editionPackagist
>= 2.4.6-p1, < 2.4.6-p122.4.6-p12
magento/community-editionPackagist
< 2.4.5-p142.4.5-p14

Affected products

3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.