CVE-2025-24425: Magento Business Logic Error vulnerability

February 11, 2025 (updated February 28, 2025)

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application’s operations causing limited data modification. Exploitation of this issue does not require user interaction.

References

github.com/advisories/GHSA-6ff8-jrfg-43hh
github.com/magento/magento2
helpx.adobe.com/security/products/magento/apsb25-08.html
nvd.nist.gov/vuln/detail/CVE-2025-24425

Detect and mitigate CVE-2025-24425 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →