← Volver a CVEs
CVE-2025-43586
HIGH8.1
Descripcion
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized elevated access. Exploitation of this issue does not require user interaction.
Detalles CVE
Puntuacion CVSS v3.18.1
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado6/10/2025
Ultima modificacion6/23/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
adobe:commerceadobe:commerce_b2badobe:magento
Debilidades (CWE)
CWE-284
Referencias
https://helpx.adobe.com/security/products/magento/apsb25-50.html(psirt@adobe.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.