CVE-2025-24438: 
PHP vulnerability analysis and mitigation

A critical stored Cross-Site Scripting (XSS) vulnerability (CVE-2025-24438) was discovered in Adobe Commerce and Magento Open Source. The vulnerability was disclosed on February 11, 2025, affecting multiple versions of Adobe Commerce and Magento Open Source platforms (Adobe Security).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) with a CVSS base score of 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N). The vulnerability requires both authentication and administrative privileges to exploit (Adobe Security).

Successful exploitation of this vulnerability could lead to arbitrary code execution. The high CVSS score of 8.7 indicates significant potential impact on the confidentiality and integrity of the affected systems (Adobe Security).

Adobe has released security updates to address this vulnerability. Users are recommended to update their installations to the newest versions: 2.4.8-beta2 for 2.4.8-beta1, 2.4.7-p4 for 2.4.7-p3 and earlier, 2.4.6-p9 for 2.4.6-p8 and earlier, 2.4.5-p11 for 2.4.5-p10 and earlier, and 2.4.4-p12 for 2.4.4-p11 and earlier (Adobe Security).

The vulnerability was responsibly disclosed by security researcher 'wohlie' who worked with Adobe to help protect their customers (Adobe Security).