CVE-2025-27192

EUVD-2025-14839
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
adobeCNA
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
adobecommerce
𝑥
< 2.4.4
adobecommerce
2.4.4
adobecommerce
2.4.4:p1
adobecommerce
2.4.4:p10
adobecommerce
2.4.4:p11
adobecommerce
2.4.4:p12
adobecommerce
2.4.4:p2
adobecommerce
2.4.4:p3
adobecommerce
2.4.4:p4
adobecommerce
2.4.4:p5
adobecommerce
2.4.4:p6
adobecommerce
2.4.4:p7
adobecommerce
2.4.4:p8
adobecommerce
2.4.4:p9
adobecommerce
2.4.5
adobecommerce
2.4.5:p1
adobecommerce
2.4.5:p10
adobecommerce
2.4.5:p11
adobecommerce
2.4.5:p2
adobecommerce
2.4.5:p3
adobecommerce
2.4.5:p4
adobecommerce
2.4.5:p5
adobecommerce
2.4.5:p6
adobecommerce
2.4.5:p7
adobecommerce
2.4.5:p8
adobecommerce
2.4.5:p9
adobecommerce
2.4.6
adobecommerce
2.4.6:p1
adobecommerce
2.4.6:p2
adobecommerce
2.4.6:p3
adobecommerce
2.4.6:p4
adobecommerce
2.4.6:p5
adobecommerce
2.4.6:p6
adobecommerce
2.4.6:p7
adobecommerce
2.4.6:p8
adobecommerce
2.4.6:p9
adobecommerce
2.4.7
adobecommerce
2.4.7:b1
adobecommerce
2.4.7:b2
adobecommerce
2.4.7:beta3
adobecommerce
2.4.7:p1
adobecommerce
2.4.7:p2
adobecommerce
2.4.7:p3
adobecommerce
2.4.7:p4
adobecommerce
2.4.8:beta2
adobecommerce_b2b
𝑥
< 1.3.3
adobecommerce_b2b
1.3.3
adobecommerce_b2b
1.3.3:p10
adobecommerce_b2b
1.3.3:p11
adobecommerce_b2b
1.3.3:p12
adobecommerce_b2b
1.3.4
adobecommerce_b2b
1.3.4:p10
adobecommerce_b2b
1.3.4:p11
adobecommerce_b2b
1.3.4:p9
adobecommerce_b2b
1.3.5
adobecommerce_b2b
1.3.5:p7
adobecommerce_b2b
1.3.5:p8
adobecommerce_b2b
1.3.5:p9
adobecommerce_b2b
1.4.2
adobecommerce_b2b
1.4.2:p1
adobecommerce_b2b
1.4.2:p2
adobecommerce_b2b
1.4.2:p3
adobecommerce_b2b
1.4.2:p4
adobecommerce_b2b
1.5.1
adobemagento
𝑥
< 2.4.4
adobemagento
2.4.4
adobemagento
2.4.4:p1
adobemagento
2.4.4:p10
adobemagento
2.4.4:p11
adobemagento
2.4.4:p12
adobemagento
2.4.4:p2
adobemagento
2.4.4:p3
adobemagento
2.4.4:p4
adobemagento
2.4.4:p5
adobemagento
2.4.4:p6
adobemagento
2.4.4:p7
adobemagento
2.4.4:p8
adobemagento
2.4.4:p9
adobemagento
2.4.5
adobemagento
2.4.5:p1
adobemagento
2.4.5:p10
adobemagento
2.4.5:p11
adobemagento
2.4.5:p2
adobemagento
2.4.5:p3
adobemagento
2.4.5:p4
adobemagento
2.4.5:p5
adobemagento
2.4.5:p6
adobemagento
2.4.5:p7
adobemagento
2.4.5:p8
adobemagento
2.4.5:p9
adobemagento
2.4.6
adobemagento
2.4.6:p1
adobemagento
2.4.6:p2
adobemagento
2.4.6:p3
adobemagento
2.4.6:p4
adobemagento
2.4.6:p5
adobemagento
2.4.6:p6
adobemagento
2.4.6:p7
adobemagento
2.4.6:p8
adobemagento
2.4.6:p9
adobemagento
2.4.7
adobemagento
2.4.7:b1
adobemagento
2.4.7:b2
adobemagento
2.4.7:beta3
adobemagento
2.4.7:p1
adobemagento
2.4.7:p2
adobemagento
2.4.7:p3
adobemagento
2.4.7:p4
adobemagento
2.4.8:beta2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://helpx.adobe.com/security/products/magento/apsb25-26.html