CVE-2025-61923

Impact

Missing validation on input vulnerable to directory traversal.

Patches

The problem has been patched in versions:

v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1) v4.4.1 for PrestaShop 8 (build number: 8.4.4.1) v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5) v5.0.5 for PrestaShop 8 (build number: 8.5.0.5) v5.0.5 for PrestaShop 9 (build number: 9.5.0.5)

Read the Versioning policy to learn more about the build number.

Credits

Léo CUNÉAZ for reportied this issue.

Published: Oct 16, 2025
Updated: Oct 17, 2025
CVE: CVE-2025-61923
GHSA: GHSA-fpxp-pfqm-x54w
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
prestashop / ps_checkout	-	4.4.1
prestashop / ps_checkout	5.0.0	5.0.5

https://github.com/PrestaShopCorp/ps_checkout/security/advisories/GHSA-fpxp-pfqm-x54w

Vulnerability Database

CVE-2025-61923

Impact

Patches

Credits

Deep Security Visibility Without the Complexity