CVE-2025-43585: 
PHP vulnerability analysis and mitigation

CVE-2025-43585 is an Improper Authorization vulnerability affecting Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier, as well as corresponding versions of Adobe Commerce B2B and Magento Open Source. The vulnerability was disclosed on June 10, 2025, and could result in a security feature bypass (NVD, Wiz).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.2 (HIGH) with the vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N. This scoring indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and has limited impact on confidentiality but high impact on integrity (NVD, Wiz).

The vulnerability enables attackers to bypass security measures and gain unauthorized access, resulting in a limited impact on confidentiality and a high impact on integrity. The exploitation does not require user interaction, making it particularly concerning for affected systems (NVD, Wiz).

Adobe has released patches to address this vulnerability. Users are advised to update their Adobe Commerce installations to the latest version to mitigate the risk. The affected versions that should be updated include Adobe Commerce (2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, 2.4.5-p12 and earlier, and 2.4.4-p13 and earlier) (Hacker News, Adobe Security).