Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HAdobe Commerce
APPAdobe2.3.72.4.3< 2.3.72.4.0 – 2.4.3 (bez)Adobe Magento Open Source
APPAdobe2.3.72.4.3< 2.3.72.4.0 – 2.4.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
Related vulnerabilities
CVE-2025-54236CRITICAL9.1⚠ KEVPL ✓ten sam produkt
Adobe Commerce/Magento — przejęcie sesji przez Improper Input Validation
CVE-2024-34102CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Krytyczna podatność XXE w Adobe Commerce umożliwiająca RCE
CVE-2022-24086CRITICAL9.8⚠ KEVten sam produkt
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input va...
CVE-2025-24434CRITICAL9.1PL ✓ten sam produkt
Adobe Commerce — Incorrect Authorization umożliwiające privilege escalation
CVE-2024-45115CRITICAL9.8PL ✓ten sam produkt
Adobe Commerce — nieprawidłowe uwierzytelnienie umożliwiające privilege escalation