Threat Insight

Critical CVE-2025-24434 Vulnerability in Adobe Commerce and Magento Open Source

Adobe recently published patches for Adobe Commerce and Magento Open Source[1] that resolve a critical vulnerability in these products. The vulnerability stems from improper authorization and could allow an unauthenticated attacker to elevate privileges, execute arbitrary code remotely, and gain unauthorized access. Exploitation does not require any interaction from a local user, further increasing its criticality.


CVE

CVE-2025-24434

Affected Products

Adobe Commerce on Cloud infrastructure, Adobe Commerce on-premises, and Magento Open Source:
  • 2.4.8-beta1 and earlier
  • 2.4.7-p3 and earlier
  • 2.4.6-p8 and earlier
  • 2.4.5-p10 and earlier
  • 2.4.4-p11 and earlier
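Added here as an example, not part of Adobe's advisory or the Magento code base: a small Python checker that parses a Magento/Adobe Commerce version string and tests it against the affected ranges listed above. The suffix ordering it assumes (betaN before GA before pN on the same base version) and its handling of branches the advisory does not list are assumptions of this script, not statements from the advisory.

```python
"""Check a Magento / Adobe Commerce version against the affected ranges
listed in the CVE-2025-24434 advisory (APSB25-08). Example code only."""
import re

# Per-branch ceilings from the advisory: each branch is affected at this
# level and at every earlier level on the same base version.
AFFECTED_CEILINGS = ["2.4.8-beta1", "2.4.7-p3", "2.4.6-p8", "2.4.5-p10", "2.4.4-p11"]

# Assumed version grammar: MAJOR.MINOR.PATCH with an optional -betaN or -pN suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(beta|p)(\d+))?$")


def parse_version(version):
    """Turn '2.4.7-p3' (or 'Magento CLI 2.4.7-p3') into a comparable tuple.

    Assumed ordering within one base version: betaN < GA (no suffix) < pN,
    encoded as rank 0, 1 and 2 followed by the suffix number.
    """
    token = version.strip().split()[-1]  # keep only the version token
    m = _VERSION_RE.match(token)
    if not m:
        raise ValueError(f"unrecognised Magento version string: {version!r}")
    major, minor, patch, kind, number = m.groups()
    base = (int(major), int(minor), int(patch))
    if kind == "beta":
        return base + (0, int(number))
    if kind == "p":
        return base + (2, int(number))
    return base + (1, 0)


def is_affected(version):
    """True if the version lies inside an affected range, False if it is later
    than the branch's ceiling, None if the advisory lists no ceiling for that
    base version (for example an end-of-life branch), so the caller can flag it."""
    v = parse_version(version)
    for ceiling in AFFECTED_CEILINGS:
        c = parse_version(ceiling)
        if v[:3] == c[:3]:          # same base version, e.g. 2.4.7
            return v <= c
    return None


if __name__ == "__main__":
    for sample in ["2.4.7-p3", "2.4.7-p4", "2.4.8-beta1", "2.4.8", "2.4.3-p1"]:
        print(f"{sample:12} -> affected={is_affected(sample)}")
```

The version token can be taken from the output of `bin/magento --version` on the instance being checked.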

Apply the isolated patches provided by Adobe[2] that match your version of Adobe Commerce or Magento Open Source.

References

[1] https://experienceleague.adobe.com/en/docs/commerce-knowledge-base/kb/troubleshooting/known-issues-patches-attached/security-update-available-for-adobe-commerce-apsb25-08
[2] https://experienceleague.adobe.com/en/docs/commerce-knowledge-base/kb/troubleshooting/known-issues-patches-attached/security-update-available-for-adobe-commerce-apsb25-08#:~:text=Open%20Source%20version.-,Isolated%20Patch%20Details,-Use%20the%20following