Vulnerability DatabaseCVE-2025-43585

CVE-2025-43585:
Adobe Commerce vulnerability analysis and mitigation

Overview

CVE-2025-43585 is an Improper Authorization vulnerability affecting Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier. The vulnerability was disclosed on June 10, 2025, and could result in a security feature bypass (NVD).

Technical details

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.2 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and has limited impact on confidentiality but high impact on integrity (NVD).

Impact

The vulnerability could allow an attacker to bypass security measures and gain unauthorized access, leading to a limited impact on confidentiality and a high impact on integrity. The exploitation does not require user interaction, making it particularly concerning for affected systems (NVD).

Mitigation and workarounds

Adobe has released patches to address this vulnerability. Users are advised to update to the latest version of Adobe Commerce to mitigate the risk (Adobe Security, Hacker News).