CVE-2025-49555
HIGHDescription
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.
Is your site exposed to CVE-2025-49555?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | commerce_b2b |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
| adobe | magento |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-49555? +
How severe is CVE-2025-49555? +
What products are affected by CVE-2025-49555? +
How do I check if I'm vulnerable to CVE-2025-49555? +
Related Vulnerabilities
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the `cTrash.restore` function does …
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does …
Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under …
Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows …
Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or …
Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw.