CVE-2025-30151

Published Apr 8, 2025

Last updated 3 months ago

CVSS high 7.5

Overview

Description
Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-20

Social media

Hype score
Not currently trending

  1. CVE-2025-30151 Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerabi… https://t.co/uP5v2x1bP4

    @CVEnew

    8 Apr 2025

    326 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.