AI description
CVE-2025-61922 affects PrestaShop Checkout, the official PrestaShop payment module developed in partnership with PayPal. The vulnerability is present from version 1.3.0 up to, but not including, versions 4.4.1 and 5.0.5. It stems from missing validation in the Express Checkout feature, which allows a silent login: an attacker who knows only the email address of an existing customer can bypass authentication and be logged in to that customer's account, leading to account takeover and exposure of the customer's data. The vulnerability is fixed in versions 4.4.1 and 5.0.5.
- Description
- PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- prestashop_checkout
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-287
- Hype score
- Not currently trending
CVE-2025-61922: Zero-Click Account Takeover on Prestashop - @dhakal_ananda https://t.co/JHLMyxTwcB
@pentest_swissky
14 Feb 2026
2718 Impressions
11 Retweets
45 Likes
24 Bookmarks
1 Reply
0 Quotes
PrestaShop patches a 9.1 critical flaw (CVE-2025-61922) in the Checkout module. Attackers can hijack accounts via email. PoC available. #PrestaShop #CVE #Ecommerce #CyberSecurity #InfoSec #AccountTakeover #DataPrivacy #PatchAlert https://t.co/GuQtQ4ncZI
@the_yellow_fall
5 Jan 2026
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (Dec.27 - Jan.03, 2026) 1⃣. Zero-Click Account Takeover on Prestashop https://t.co/gRuNIt7T5q // Technical analysis of CVE-2025-61922 leading to zero-click account takeover in
@ksg93rd
4 Jan 2026
427 Impressions
3 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 #CVE-2025-61922 Decoded: How a Single PrestaShop Endpoint Could Sink Your E-Commerce Empire + Video https://t.co/7epwNGYXjZ Educational Purposes!
@UndercodeUpdate
3 Jan 2026
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - g0vguy/CVE-2025-61922-PoC: A simple, educational proof-of-concept script demonstrating the zero-click account takeover vulnerability in the PrestaShop Checkout module (CVE-2025-61922). - https://t.co/PVmY75IoXn
@piedpiper1616
3 Jan 2026
1300 Impressions
1 Retweet
18 Likes
3 Bookmarks
1 Reply
0 Quotes
CVE-2025-61922 (PrestaShop Checkout Authentication Bypass) Analysis using Neo - https://t.co/eFmWQGfPiQ
@emgeekboy
2 Jan 2026
3037 Impressions
6 Retweets
32 Likes
10 Bookmarks
0 Replies
1 Quote
CVE-2025-61922: Zero-Click Account Takeover on Prestashop - Dhakal’s Infosec Blog https://t.co/XIgribYWbP
@akaclandestine
2 Jan 2026
2560 Impressions
4 Retweets
33 Likes
13 Bookmarks
1 Reply
0 Quotes
I just reversed the CVE-2025-61922 and dropped an in-depth analysis. Check it out :) Zero-click customer ATO on Prestashop! https://t.co/qXcT7HQkzn
@dhakal_ananda
2 Jan 2026
10870 Impressions
29 Retweets
163 Likes
96 Bookmarks
1 Reply
0 Quotes
Critical vulnerability in Prestashop CVE-2025-61922 https://t.co/yjmw4RfdOP https://t.co/Khuc8vW9qm
@elhackernet
20 Oct 2025
2341 Impressions
5 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-61922 PrestaShop Checkout Account Takeover via Unauthenticated Express Checkou... https://t.co/CPUdTYkJ0s Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
17 Oct 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-61922 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, missing validation on the Express Chec… https://t.co/kKbwHgdrab
@CVEnew
16 Oct 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-61922: CRITICAL] Critical vulnerability in PrestaShop Checkout pre-4.4.1 & 5.0.5 allows silent login, facilitating account takeover via email. Update to secure versions 4.4.1 or 5.0.5 ASAP. #cve, CVE-2025-61922, #cybersecurity https://t.co/hPOCuEeHm8 https://t.co/Nte5k
@CveFindCom
16 Oct 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:prestashop:prestashop_checkout:*:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78BDECB6-6142-47A0-89D1-C96DE8B052EB",
            "versionEndExcluding": "7.4.4.1",
            "versionStartIncluding": "1.3.0"
          },
          {
            "criteria": "cpe:2.3:a:prestashop:prestashop_checkout:*:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36D48F64-2C0D-4DF7-9FBB-26FF21B9C71B",
            "versionEndExcluding": "7.5.0.5",
            "versionStartIncluding": "7.5.0.1"
          },
          {
            "criteria": "cpe:2.3:a:prestashop:prestashop_checkout:*:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78BB8AD6-68E4-426F-B9D9-1810D37193D4",
            "versionEndExcluding": "8.4.4.1",
            "versionStartIncluding": "8.3.1.0"
          },
          {
            "criteria": "cpe:2.3:a:prestashop:prestashop_checkout:*:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF84DA7C-A801-4366-8463-F6FD21A69263",
            "versionEndExcluding": "8.5.0.5",
            "versionStartIncluding": "8.5.0.0"
          },
          {
            "criteria": "cpe:2.3:a:prestashop:prestashop_checkout:*:*:*:*:*:prestashop:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBB531A1-D85B-4987-89FB-EC28C974301F",
            "versionEndExcluding": "9.5.0.5",
            "versionStartIncluding": "9.4.3.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]