- Bulletin ID: APSB25-26
- Product: APSB25-26: Security update available for Adobe Commerce
- Published: April 08, 2025
- Priority: 2
- Severity: Important
- CVE Count: 5
Affected Versions
- Adobe Commerce: 2.4.8-beta2; 2.4.7-p4 and earlier; 2.4.6-p9 and earlier; 2.4.5-p11 and earlier; 2.4.4-p12 and earlier
- Adobe Commerce B2B: 1.5.1 and earlier; 1.4.2-p4 and earlier; 1.3.5-p9 and earlier; 1.3.4-p11 and earlier; 1.3.3-p12 and earlier
- Magento Open Source: 2.4.8-beta2; 2.4.7-p4 and earlier; 2.4.6-p9 and earlier; 2.4.5-p11 and earlier; 2.4.4-p12 and earlier
Vulnerability Details
Total Vulnerabilities: 5
Key Vulnerabilities:
1. CVE-2025-27188
- Category: Improper Authorization (CWE-285)
- Impact: Privilege escalation
- Severity: Important
- CVSS Score: 4.3
- Authentication Required: Yes
2. CVE-2025-27189
- Category: Cross-Site Request Forgery (CSRF) (CWE-352)
- Impact: Application denial-of-service
- Severity: Important
- CVSS Score: 4.3
- Authentication Required: Yes
3. CVE-2025-27190
- Category: Improper Access Control (CWE-284)
- Impact: Security feature bypass
- Severity: Important
- CVSS Score: 5.3
- Authentication Required: Yes
…and 2 more vulnerabilities
CVE Identifiers
CVE-2025-27189, CVE-2025-27191, CVE-2025-27188, CVE-2025-27190, CVE-2025-27192