CVE-2025-27892
Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression.
| Software | From | Fixed in |
|---|---|---|
shopware / shopware
|
- | 6.5.8.17 |
|
shopware / shopware
|
6.6.0.0 | 6.6.10.3 |
|
shopware / shopware
|
6.7.0.0-rc1 | 6.7.0.0-rc1.x |
|
shopware / core
|
6.6.0.0 | 6.6.10.3 |
|
shopware / platform
|
6.6.0.0 | 6.6.10.3 |
|
shopware / core
|
6.7.0.0-rc1 | 6.7.0.0-rc2 |
|
shopware / platform
|
6.7.0.0-rc1 | 6.7.0.0-rc2 |
|
shopware / core
|
6.7.0.0-rc1 | 6.7.0.0-rc1.x |
|
shopware / platform
|
6.7.0.0-rc1 | 6.7.0.0-rc1.x |
|
shopware / core
|
- | 6.5.8.18 |
|
shopware / platform
|
- | 6.5.8.18 |
- https://github.com/shopware/shopware/releases/tag/v6.5.8.17
- https://github.com/shopware/shopware/releases/tag/v6.6.10.3
- https://github.com/shopware/shopware/releases/tag/v6.7.0.0-rc2
- https://github.com/shopware/shopware/security/advisories/GHSA-8g35-7rmw-7f59
- https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001
- https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime