APSB25-94 - APSB25-94: Security update available for Adobe Commerce Security Update
Bulletin Information
- Bulletin ID: APSB25-94
- Product: APSB25-94: Security update available for Adobe Commerce
- Published: October 14, 2025
- Priority: 2
- Severity: Critical
- CVE Count: 5
Affected Versions
- Adobe Commerce: 2.4.9-alpha2 and earlier2.4.8-p2 and earlier2.4.7-p7 and earlier2.4.6-p12 and earlier2.4.5-p14 and earlier2.4.4-p15 and earlier
- Adobe Commerce B2B: 1.5.3-alpha2 and earlier1.5.2-p2 and earlier1.4.2-p7 and earlier1.3.5-p12 and earlier1.3.4-p14 and earlier1.3.3-p15 and earlier
- Magento Open Source: 2.4.9-alpha22.4.8-p2 and earlier2.4.7-p7 and earlier2.4.6-p12 and earlier
Vulnerability Details
Total Vulnerabilities: 5
Severity Breakdown:
- Important: 3
- Critical: 2
Key Vulnerabilities:
1. CVE-2025-54263
- Category: Incorrect Authorization (CWE-863)
- Impact: Security feature bypass
- Severity: Critical
- CVSS Score: 8.1
- Authentication Required: Yes
2. CVE-2025-54264
- Category: Cross-site Scripting (Stored XSS) (CWE-79)
- Impact: Privilege escalation
- Severity: Critical
- CVSS Score: 8.1
- Authentication Required: Yes
3. CVE-2025-54265
- Category: Incorrect Authorization (CWE-863)
- Impact: Security feature bypass
- Severity: Important
- CVSS Score: 5.9
- Authentication Required: No
…and 2 more vulnerabilities
CVE Identifiers
CVE-2025-54266, CVE-2025-54267, CVE-2025-54263, CVE-2025-54264, CVE-2025-54265