Adobe Commerce is an e-commerce platform used by many businesses to manage online stores. This vulnerability allows a low-privileged attacker to bypass security measures and gain unauthorized access to elevated privileges, increasing the integrity impact to high.
You're affected if you use Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, and earlier. To check if your version is affected, run the following command: osv.dev/Trivy (package scanner) or use a similar tool to scan for Adobe Commerce packages.
Note: This vulnerability does not affect Adobe Commerce Cloud versions, as they are isolated from on-premises environments.
To fix this issue, upgrade to Adobe Commerce version 2.5.0-ga or later. If an immediate upgrade isn't possible:
For more information on upgrading, refer to the official Adobe documentation: https://helpx.adobe.com/security/products/magento/apsb25-94.html