CVE-2025-24425

MEDIUM Year: 2025
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-840
View all →

Vulnerability Description

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limited data modification. Exploitation of this issue does not require user interaction.

Related Vulnerabilities

CVE-2020-8228

MEDIUM
CVSS:5.3(Medium)

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

CWE-8402020

CVE-2021-22897

MEDIUM
CVSS:5.3(Medium)

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The se...

CWE-8402021

CVE-2022-0689

MEDIUM
CVSS:5.3(Medium)

Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11.

CWE-8402022

CVE-2024-2151

MEDIUM
CVSS:5.3(Medium)

A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Hand...

CWE-8402024

CVE-2024-6844

MEDIUM
CVSS:5.3(Medium)

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquote_plus...

CWE-8402024

CVE-2023-3228

MEDIUM
CVSS:5.4(Medium)

Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.

CWE-8402023