How severe is CVE-2025-24407?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2025-24407?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2025-24407 - HIGH Severity | CVSS 7.1

Vulnerability Description

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low privileged attacker could exploit this vulnerability to perform actions with permissions that were not granted leading to both a High impact to confidentiality and Low impact to integrity. Exploitation of this issue does not require user interaction.

Related Vulnerabilities

CVE-2016-6591

HIGH

CVSS:7.1(High)

A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions.

CWE-8632016

CVE-2017-15091

HIGH

CVSS:7.1(High)

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the s...

CWE-8632017

CVE-2018-10925

HIGH

CVSS:7.1(High)

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE"...

CWE-8632018

CVE-2021-1086

HIGH

CVSS:7.1(High)

NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or i...

CWE-8632021

CVE-2021-20119

HIGH

CVSS:7.1(High)

The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.

CWE-8632021

CVE-2021-26964

HIGH

CVSS:7.1(High)

A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interfac...

CWE-8632021