- 37/2025
- Critical
Adobe has released security updates to fix several vulnerabilities across multiple Adobe Commerce products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform cross-site scripting attacks, gain elevated privileges, or execute arbitrary code and gain access to the affected systems
Sample of the addressed vulnerabilities:
1. Adobe Commerce Improper Authorization (CWE-285) (CVE-2025-24434):
- CVSS: 9.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. Adobe Commerce Cross-Site Scripting (CWE-79) (CVE-2025-24417):
- CVSS: 8.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Cross-site Scripting
The affected products:
- Adobe Commerce.
- Adobe Commerce B2B.
- Magento Open Source.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.