CVE-2025-27207

Published Jun 10, 2025

Last updated 6 days ago

CVSS medium 6.5

Overview

Description: Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.
Source: psirt@adobe.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

psirt@adobe.com: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F"
          },
          {
            "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References