CVE-2025-27189

Published Apr 8, 2025

Last updated 2 months ago

CVSS medium 4.3

Overview

Description: Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website.
Source: psirt@adobe.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Severity: MEDIUM

Weaknesses

psirt@adobe.com: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068",
            "versionEndExcluding": "1.3.3"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7671E11-AC9A-47CA-9FE5-C7DEEA708468"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References