APSB25-71 - APSB25-71: Security update available for Adobe Commerce Security Update

August 12, 2025

Magento Adobe Helpx Adobe Security Bulletin Critical Apsb25 71 Cve 2025 49555 Cve 2025 49559 Cve 2025 49558 Cve 2025 49556 Cve 2025 49554 Cve 2025 49557

Bulletin Information

Bulletin ID: APSB25-71
Product: APSB25-71: Security update available for Adobe Commerce
Published: August 12, 2025
Priority: 2
Severity: Critical
CVE Count: 6

Affected Versions

Adobe Commerce: 2.4.9-alpha12.4.8-p1 and earlier2.4.7-p6 and earlier2.4.6-p11 and earlier2.4.5-p13 and earlier2.4.4-p14 and earlier
Adobe Commerce B2B: 1.5.3-alpha11.5.2-p1 and earlier1.4.2-p6 and earlier1.3.5-p11 and earlier1.3.4-p13 and earlier1.3.3-p14 and earlier
Magento Open Source: 2.4.9-alpha12.4.8-p1 and earlier2.4.7-p6 and earlier2.4.6-p11 and earlier2.4.5-p13 and earlier

Vulnerability Details

Total Vulnerabilities: 6

Severity Breakdown:

Important: 2
Critical: 4

Key Vulnerabilities:

1. CVE-2025-49554

Category: Improper Input Validation (CWE-20)
Impact: Application denial-of-service
Severity: Critical
CVSS Score: 7.5
Authentication Required: No

2. CVE-2025-49555

Category: Cross-Site Request Forgery (CSRF) (CWE-352)
Impact: Privilege escalation
Severity: Critical
CVSS Score: 8.1
Authentication Required: Yes

3. CVE-2025-49556

Category: Incorrect Authorization (CWE-863)
Impact: Arbitrary file system read
Severity: Critical
CVSS Score: 7.5
Authentication Required: Yes

…and 3 more vulnerabilities

CVE Identifiers

CVE-2025-49558, CVE-2025-49554, CVE-2025-49559, CVE-2025-49555, CVE-2025-49556, CVE-2025-49557

Read Full Bulletin on Adobe Security Portal →

All Bulletins Magento Bulletins Adobe Helpx Bulletins Adobe Bulletins Security Bulletin Bulletins Critical Bulletins Apsb25 71 Bulletins Cve 2025 49555 Bulletins Cve 2025 49559 Bulletins Cve 2025 49558 Bulletins Cve 2025 49556 Bulletins Cve 2025 49554 Bulletins Cve 2025 49557 Bulletins Home