magento/community-edition Security Advisories for 2.4.5-p10 (24)
- [CRITICAL] Improper Authorization vulnerability in Magento and Adobe Commerce
PKSA-dkfb-rbxq-yjwm CVE-2025-24434 GHSA-fppq-f2m6-xv5c
Affected version: <2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4|>=2.4.8-beta1,<2.4.8-beta2
Reported by: GitHub
- [MEDIUM] Magento Business Logic Error vulnerability
PKSA-7r2g-km67-fzjj CVE-2025-24425 GHSA-6ff8-jrfg-43hh
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [MEDIUM] Magento Improper Access Control vulnerability
PKSA-4fbw-nxjw-pfvz CVE-2025-24427 GHSA-v3hq-g424-5mgg
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [MEDIUM] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-zmv5-8rn8-bcky CVE-2025-24428 GHSA-mm87-rrqx-94cr
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [LOW] Magento Improper Access Control vulnerability
PKSA-74vv-j3wm-1rmr CVE-2025-24429 GHSA-656q-fx2w-8ccv
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-3fgq-966m-4b4d CVE-2025-24430 GHSA-6w27-c66f-gvhq
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [LOW] Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
PKSA-scxw-rbh8-zprd CVE-2025-24432 GHSA-7jmr-43qj-pw47
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [MEDIUM] Magento Improper Access Control vulnerability
PKSA-5cry-7724-1qnd CVE-2025-24435 GHSA-82p4-55gj-956p
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|>=2.4.5-p1,<2.4.5-p11|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [MEDIUM] Magento Improper Access Control vulnerability
PKSA-m4dw-3q4p-45bh CVE-2025-24436 GHSA-ghpr-6qhr-rpp8
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [MEDIUM] Magento Improper Access Control vulnerability
PKSA-m5fw-drjh-dkpx CVE-2025-24437 GHSA-469f-wf4f-3jjv
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [HIGH] Magento stored Cross-Site Scripting (XSS) vulnerability
PKSA-1zf5-sgkc-jzyt CVE-2025-24438 GHSA-8884-7rm9-mrx4
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [HIGH] Adobe Commerce Path Traversal
PKSA-1xz1-g451-tt2n CVE-2025-24406 GHSA-954p-ff72-327w
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [MEDIUM] Magento Information Exposure vulnerability
PKSA-xvsr-wng1-pxg6 CVE-2025-24408 GHSA-3cfg-w257-cgf8
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [HIGH] Adobe Commerce Improper Authorization vulnerability
PKSA-tbwj-d61p-nbfx CVE-2025-24409 GHSA-vw47-79jv-3598
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-fnqn-wmgf-dz5q CVE-2025-24410 GHSA-gjxp-46rq-wg4q
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [HIGH] Magento Improper Access Control vulnerability
PKSA-6bw6-vk81-1ktc CVE-2025-24411 GHSA-36hw-x3cc-m258
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-q458-hszg-5wns CVE-2025-24412 GHSA-m4rg-mpp2-97px
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-cnnr-cdx4-pzsf CVE-2025-24413 GHSA-xwgx-8v72-4j5j
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-q54t-8dp2-cc8r CVE-2025-24414 GHSA-fhw6-3mj5-w9gv
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-rbtq-c7hb-whdk CVE-2025-24415 GHSA-gc27-rvvm-q77r
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-kcjr-8cb1-qp39 CVE-2025-24416 GHSA-rjjw-g6hw-7pc9
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [HIGH] Magento Stored Cross-Site Scripting (XSS) Vulnerability
PKSA-vygn-g55g-pygn CVE-2025-24417 GHSA-g3j6-9753-8mp2
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [MEDIUM] Magento Incorrect Authorization vulnerability
PKSA-bfth-jyjv-9bmg CVE-2025-24421 GHSA-v6r2-425c-hfrr
Affected version: =2.4.8-beta1|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub
- [MEDIUM] Magento Improper Access Control vulnerability
PKSA-mhqr-9knx-97tc CVE-2025-24424 GHSA-539v-w87w-w62c
Affected version: =2.4.8-beta1|=2.4.4|=2.4.5|=2.4.6|=2.4.7|<2.4.4-p12|>=2.4.5-p1,<2.4.5-p11|>=2.4.6-p1,<2.4.6-p9|>=2.4.7-beta1,<2.4.7-p4
Reported by: GitHub