Threat Insight

Critical CVE-2025-24434 Vulnerability in Adobe Commerce and Magento Open Source

Adobe recently published patches for Adobe Commerce and Magento Open Source[1] that resolve a critical vulnerability in these products. The vulnerability stems from improper authorization and could allow an unauthenticated attacker to elevate privileges, execute malicious code remotely, and gain unauthorized access. Exploitation does not require any interaction from a local user, which further increases its criticality.


CVE

CVE-2025-24434

Affected Products

Adobe Commerce on Cloud infrastructure, Adobe Commerce on-premises, and Magento Open Source:

  • 2.4.8-beta1 and earlier
  • 2.4.7-p3 and earlier
  • 2.4.6-p8 and earlier
  • 2.4.5-p10 and earlier
  • 2.4.4-p11 and earlier

Apply the isolated patches provided by Adobe[2] that match your version of Adobe Commerce or Magento Open Source.
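To triage a fleet of installations against the affected-version list above, here is an added checker that is not part of the advisory and not Adobe's or Truesec's code; the range boundaries come from the list, while treating a bare release such as 2.4.7 as patch level 0 and treating 2.4.8 GA and later as outside the listed ranges are my assumptions.

```python
"""Classify Adobe Commerce / Magento Open Source version strings against the
CVE-2025-24434 affected ranges (added example; boundaries from the advisory)."""
import re

# Highest affected patch level per release line, from the advisory's list.
# 2.4.8 is handled separately because only "2.4.8-beta1 and earlier" is listed.
AFFECTED_MAX_PATCH = {
    (2, 4, 7): 3,
    (2, 4, 6): 8,
    (2, 4, 5): 10,
    (2, 4, 4): 11,
}

# Accepts "2.4.7", "2.4.7-p3" and "2.4.8-beta1"; anything else is rejected.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(p|beta)(\d+))?$")


def parse_version(version):
    """Return ((major, minor, release), suffix_kind, suffix_number)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    base = tuple(int(x) for x in m.group(1, 2, 3))
    kind, num = m.group(4), m.group(5)
    return base, kind, (int(num) if num is not None else None)


def is_affected(version):
    """True if the version falls inside the advisory's affected ranges."""
    base, kind, num = parse_version(version)
    if base < (2, 4, 4):
        return True  # "2.4.4-p11 and earlier" covers every older release
    if base == (2, 4, 8):
        return kind == "beta" and num <= 1  # assumption: 2.4.8 GA not listed
    if base > (2, 4, 8):
        return False
    if kind == "beta":
        return True  # a beta predates the patched p-levels of its own line
    patch = num if kind == "p" else 0  # assumption: bare release == p0
    return patch <= AFFECTED_MAX_PATCH[base]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for v in ["2.4.7-p3", "2.4.7-p4", "2.4.8-beta1", "2.4.8", "2.4.3-p3"]:
        print(f"{v:12} {'AFFECTED' if is_affected(v) else 'not listed'}")
```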

References

[1] https://experienceleague.adobe.com/en/docs/commerce-knowledge-base/kb/troubleshooting/known-issues-patches-attached/security-update-available-for-adobe-commerce-apsb25-08
[2] https://experienceleague.adobe.com/en/docs/commerce-knowledge-base/kb/troubleshooting/known-issues-patches-attached/security-update-available-for-adobe-commerce-apsb25-08#:~:text=Open%20Source%20version.-,Isolated%20Patch%20Details,-Use%20the%20following
