CVE-2025-54267

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction.

Published: Oct 14, 2025
Updated: Oct 22, 2025
CVE: CVE-2025-54267
GHSA: GHSA-qvwr-p3hj-j6jf
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
magento / project-community-edition	-	2.0.2.x
magento / community-edition	2.4.9-alpha1	2.4.9-alpha3
magento / community-edition	2.4.8-beta1	2.4.8-p3
magento / community-edition	2.4.7-beta1	2.4.7-p8
magento / community-edition	-	2.4.6-p13
magento / community-edition	2.4.8	2.4.8.x
magento / community-edition	2.4.7	2.4.7.x
magento / community-edition	2.4.6	2.4.6.x

https://helpx.adobe.com/security/products/magento/apsb25-94.html

Vulnerability Database

CVE-2025-54267

Deep Security Visibility Without the Complexity