CVE-2025-54265

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.

Published: Oct 14, 2025
Updated: Oct 21, 2025
CVE: CVE-2025-54265
GHSA: GHSA-r355-75hw-r8jf
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
magento / community-edition	2.4.9-alpha1	2.4.9-alpha3
magento / community-edition	2.4.8-beta1	2.4.8-p3
magento / community-edition	2.4.7-beta1	2.4.7-p8
magento / community-edition	-	2.4.6-p13
magento / community-edition	2.4.8	2.4.8.x
magento / community-edition	2.4.7	2.4.7.x
magento / community-edition	2.4.6	2.4.6.x
magento / project-community-edition	-	2.0.2.x

https://helpx.adobe.com/security/products/magento/apsb25-94.html

Vulnerability Database

CVE-2025-54265

Deep Security Visibility Without the Complexity