APSB25-94 - APSB25-94: Security update available for Adobe Commerce Security Update

October 14, 2025

Apsb25 94 Magento Adobe Helpx Adobe Security Bulletin Critical Cve 2025 54266 Cve 2025 54265 Cve 2025 54264 Cve 2025 54263 Cve 2025 54267

Bulletin Information

Bulletin ID: APSB25-94
Product: APSB25-94: Security update available for Adobe Commerce
Published: October 14, 2025
Priority: 2
Severity: Critical
CVE Count: 5

Affected Versions

Adobe Commerce: 2.4.9-alpha2 and earlier2.4.8-p2 and earlier2.4.7-p7 and earlier2.4.6-p12 and earlier2.4.5-p14 and earlier2.4.4-p15 and earlier
Adobe Commerce B2B: 1.5.3-alpha2 and earlier1.5.2-p2 and earlier1.4.2-p7 and earlier1.3.5-p12 and earlier1.3.4-p14 and earlier1.3.3-p15 and earlier
Magento Open Source: 2.4.9-alpha22.4.8-p2 and earlier2.4.7-p7 and earlier2.4.6-p12 and earlier

Vulnerability Details

Total Vulnerabilities: 5

Severity Breakdown:

Important: 3
Critical: 2

Key Vulnerabilities:

1. CVE-2025-54263

Category: Incorrect Authorization (CWE-863)
Impact: Security feature bypass
Severity: Critical
CVSS Score: 8.1
Authentication Required: Yes

2. CVE-2025-54264

Category: Cross-site Scripting (Stored XSS) (CWE-79)
Impact: Privilege escalation
Severity: Critical
CVSS Score: 8.1
Authentication Required: Yes

3. CVE-2025-54265

Category: Incorrect Authorization (CWE-863)
Impact: Security feature bypass
Severity: Important
CVSS Score: 5.9
Authentication Required: No

…and 2 more vulnerabilities

CVE Identifiers

CVE-2025-54266, CVE-2025-54267, CVE-2025-54263, CVE-2025-54264, CVE-2025-54265

Read Full Bulletin on Adobe Security Portal →

All Bulletins Apsb25 94 Bulletins Magento Bulletins Adobe Helpx Bulletins Adobe Bulletins Security Bulletin Bulletins Critical Bulletins Cve 2025 54266 Bulletins Cve 2025 54265 Bulletins Cve 2025 54264 Bulletins Cve 2025 54263 Bulletins Cve 2025 54267 Bulletins Home