Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2025-24434
CVE-2025-24434:
PHP vulnerability analysis and mitigation
Overview
A critical privilege escalation vulnerability (CVE-2025-24434) was discovered in Adobe Commerce and Magento Open Source platforms. The vulnerability was disclosed on February 11, 2025, affecting multiple versions including Adobe Commerce 2.4.8-beta1 and earlier versions, as well as Magento Open Source 2.4.8-beta1 and earlier versions. This vulnerability is characterized by improper authorization (CWE-285) that could allow attackers to escalate privileges without requiring authentication or administrative privileges (Adobe Security).
Technical details
The vulnerability has been assigned a Critical severity rating with a CVSS base score of 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L). The technical assessment indicates that no authentication is required to exploit this vulnerability, and it does not require administrative privileges for successful exploitation. The vulnerability stems from improper authorization mechanisms in the affected systems (Adobe Security).
Impact
Successful exploitation of CVE-2025-24434 could lead to privilege escalation in affected systems. The high CVSS score of 9.4 indicates severe potential impacts, with the ability to compromise both confidentiality and integrity of the system at high levels, while also potentially affecting system availability to a lesser degree (Adobe Security).
Mitigation and workarounds
Adobe has released security updates to address this vulnerability. Users are advised to update to the following versions: Adobe Commerce 2.4.8-beta2 (for 2.4.8-beta1 users), 2.4.7-p4 (for 2.4.7-p3 and earlier), 2.4.6-p9 (for 2.4.6-p8 and earlier), 2.4.5-p11 (for 2.4.5-p10 and earlier), and 2.4.4-p12 (for 2.4.4-p11 and earlier). Additionally, an isolated patch specifically for CVE-2025-24434 has been made available for Adobe Commerce and Magento Open Source (Adobe Security).
Community reactions
The vulnerability was responsibly disclosed by security researcher thlassche, who worked with Adobe to address the issue. Adobe has categorized this update with a Priority 1 rating, indicating it resolves vulnerabilities being targeted or at a higher risk of being targeted by exploitation (Adobe Security).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management