APSB25-71 - APSB25-71: Security update available for Adobe Commerce Security Update
Bulletin Information
- Bulletin ID: APSB25-71
- Product: APSB25-71: Security update available for Adobe Commerce
- Published: August 12, 2025
- Priority: 2
- Severity: Critical
- CVE Count: 6
Affected Versions
- Adobe Commerce: 2.4.9-alpha12.4.8-p1 and earlier2.4.7-p6 and earlier2.4.6-p11 and earlier2.4.5-p13 and earlier2.4.4-p14 and earlier
- Adobe Commerce B2B: 1.5.3-alpha11.5.2-p1 and earlier1.4.2-p6 and earlier1.3.5-p11 and earlier1.3.4-p13 and earlier1.3.3-p14 and earlier
- Magento Open Source: 2.4.9-alpha12.4.8-p1 and earlier2.4.7-p6 and earlier2.4.6-p11 and earlier2.4.5-p13 and earlier
Vulnerability Details
Total Vulnerabilities: 6
Severity Breakdown:
- Important: 2
- Critical: 4
Key Vulnerabilities:
1. CVE-2025-49554
- Category: Improper Input Validation (CWE-20)
- Impact: Application denial-of-service
- Severity: Critical
- CVSS Score: 7.5
- Authentication Required: No
2. CVE-2025-49555
- Category: Cross-Site Request Forgery (CSRF) (CWE-352)
- Impact: Privilege escalation
- Severity: Critical
- CVSS Score: 8.1
- Authentication Required: Yes
3. CVE-2025-49556
- Category: Incorrect Authorization (CWE-863)
- Impact: Arbitrary file system read
- Severity: Critical
- CVSS Score: 7.5
- Authentication Required: Yes
…and 3 more vulnerabilities
CVE Identifiers
CVE-2025-49558, CVE-2025-49554, CVE-2025-49559, CVE-2025-49555, CVE-2025-49556, CVE-2025-49557