216.73.216.170

CVE-2025-30150

· Published 08/04/2025 14:15 · Modified 08/04/2025 18:13

Labels: CVE-2025-30150 2025-04-08CVE-2025-30150CWE-204[email protected]

Essential information

Published
08/04/2025 14:15
Modified
08/04/2025 18:13
Author
Creator
CISA KEV
No
CWE

Description

Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response, which indicates clearly that there is no account for this customer. In contrast you get a success response if the account was found. This vulnerability is fixed in Shopware 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References