VYPR
Get started
← All advisories
Medium severity5.9NVD Advisory· Published Oct 14, 2025· Updated Apr 28, 2026

CVE-2025-54265

CVE-2025-54265

Description

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
magento/community-editionPackagist
>= 2.4.9-alpha1, < 2.4.9-alpha32.4.9-alpha3
magento/community-editionPackagist
>= 2.4.8-beta1, < 2.4.8-p32.4.8-p3
magento/community-editionPackagist
>= 2.4.7-beta1, < 2.4.7-p82.4.7-p8
magento/community-editionPackagist
< 2.4.6-p132.4.6-p13
magento/project-community-editionPackagist
<= 2.0.2

Affected products

150
  • Adobe Inc./Commerce62 versions
    cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*+ 61 more
    • cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.9:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.9:alpha2:*:*:*:*:*:*
  • Adobe Inc./Commerce B2b57 versions
    cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*+ 56 more
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:p12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha2:*:*:*:*:*:*
  • Adobe Inc./Magento31 versions
    cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*+ 30 more
    • cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.9:alpha2:*:*:open_source:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.