APSB25-50 - APSB25-50: Security update available for Adobe Commerce Security Update
Bulletin Information
- Bulletin ID: APSB25-50
- Product: APSB25-50: Security update available for Adobe Commerce
- Published: June 10, 2025
- Priority: 1
- Severity: Critical
- CVE Count: 7
Affected Versions
- Adobe Commerce: 2.4.82.4.7-p5 and earlier2.4.6-p10 and earlier2.4.5-p12 and earlier2.4.4-p13 and earlier
- Adobe Commerce B2B: 1.5.2 and earlier1.4.2-p5 and earlier1.3.5-p10 and earlier1.3.4-p12 and earlier1.3.3-p13 and earlier
- Magento Open Source: 2.4.82.4.7-p5 and earlier2.4.6-p10 and earlier2.4.5-p12 and earlier
Vulnerability Details
Total Vulnerabilities: 7
Severity Breakdown:
- Moderate: 1
- Important: 4
- Critical: 2
Key Vulnerabilities:
1. CVE-2025-47110
- Category: Cross-site Scripting (Reflected XSS) (CWE-79)
- Impact: Arbitrary code execution
- Severity: Critical
- CVSS Score: 9.1
- Authentication Required: Yes
2. CVE-2025-43585
- Category: Improper Authorization (CWE-285)
- Impact: Security feature bypass
- Severity: Critical
- CVSS Score: 8.2
- Authentication Required: Yes
3. CVE-2025-27206
- Category: Improper Access Control (CWE-284)
- Impact: Security feature bypass
- Severity: Important
- CVSS Score: 5.3
- Authentication Required: Yes
…and 4 more vulnerabilities
CVE Identifiers
CVE-2025-43585, CVE-2025-49550, CVE-2025-27207, CVE-2025-49549, CVE-2025-43586, CVE-2025-47110, CVE-2025-27206