APSB25-50 - APSB25-50: Security update available for Adobe Commerce Security Update

June 10, 2025

Magento Adobe Helpx Adobe Security Bulletin Critical Apsb25 50 Cve 2025 43586 Cve 2025 47110 Cve 2025 27207 Cve 2025 43585 Cve 2025 27206 Cve 2025 49550 Cve 2025 49549

Bulletin Information

Bulletin ID: APSB25-50
Product: APSB25-50: Security update available for Adobe Commerce
Published: June 10, 2025
Priority: 1
Severity: Critical
CVE Count: 7

Affected Versions

Adobe Commerce: 2.4.82.4.7-p5 and earlier2.4.6-p10 and earlier2.4.5-p12 and earlier2.4.4-p13 and earlier
Adobe Commerce B2B: 1.5.2 and earlier1.4.2-p5 and earlier1.3.5-p10 and earlier1.3.4-p12 and earlier1.3.3-p13 and earlier
Magento Open Source: 2.4.82.4.7-p5 and earlier2.4.6-p10 and earlier2.4.5-p12 and earlier

Vulnerability Details

Total Vulnerabilities: 7

Severity Breakdown:

Moderate: 1
Important: 4
Critical: 2

Key Vulnerabilities:

1. CVE-2025-47110

Category: Cross-site Scripting (Reflected XSS) (CWE-79)
Impact: Arbitrary code execution
Severity: Critical
CVSS Score: 9.1
Authentication Required: Yes

2. CVE-2025-43585

Category: Improper Authorization (CWE-285)
Impact: Security feature bypass
Severity: Critical
CVSS Score: 8.2
Authentication Required: Yes

3. CVE-2025-27206

Category: Improper Access Control (CWE-284)
Impact: Security feature bypass
Severity: Important
CVSS Score: 5.3
Authentication Required: Yes

…and 4 more vulnerabilities

CVE Identifiers

CVE-2025-43585, CVE-2025-49550, CVE-2025-27207, CVE-2025-49549, CVE-2025-43586, CVE-2025-47110, CVE-2025-27206

Read Full Bulletin on Adobe Security Portal →

All Bulletins Magento Bulletins Adobe Helpx Bulletins Adobe Bulletins Security Bulletin Bulletins Critical Bulletins Apsb25 50 Bulletins Cve 2025 43586 Bulletins Cve 2025 47110 Bulletins Cve 2025 27207 Bulletins Cve 2025 43585 Bulletins Cve 2025 27206 Bulletins Cve 2025 49550 Bulletins Cve 2025 49549 Bulletins Home