CVE-2025-47110: 
Adobe Commerce vulnerability analysis and mitigation

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2025-47110. The vulnerability was disclosed on June 10, 2025, and received a critical CVSS score of 9.1. This security flaw affects Adobe Commerce and Magento Open Source platforms (NVD, Hacker News).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that could be exploited by attackers with high privileges. The vulnerability allows malicious actors to inject malicious scripts into vulnerable form fields, which can then be executed in a victim's browser when they access the affected page. The critical severity is reflected in its CVSS v3.1 score of 9.1, with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high potential impact on confidentiality, integrity, and availability (NVD).

Successful exploitation of this vulnerability could result in arbitrary code execution when a victim browses to a page containing the compromised field. The high CVSS score indicates severe potential impacts on system confidentiality, integrity, and availability. The vulnerability affects multiple versions of Adobe Commerce and Magento Open Source, potentially exposing numerous e-commerce platforms to security risks (Hacker News).

Adobe has released patches to address this vulnerability. Users are advised to update their Adobe Commerce and Magento Open Source installations to the latest versions. The fix is included in Adobe's latest security update, which addresses a total of 254 security flaws (Hacker News).