VYPR
Moderate severityNVD Advisory· Published Oct 16, 2025· Updated Oct 16, 2025

PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure

CVE-2025-61923

Description

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
prestashop/ps_checkoutPackagist
< 4.4.14.4.1
prestashop/ps_checkoutPackagist
>= 5.0.0, < 5.0.55.0.5

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.