216.73.216.86

CVE-2025-49558

· Published 12/08/2025 18:15 · Modified 13/08/2025 17:34

Labels: CVE-2025-49558 2025-08-12CVE-2025-49558CWE-367[email protected]

Essential information

Published
12/08/2025 18:15
Modified
13/08/2025 17:34
Author
Creator
CVSS
5.9 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS metrics

Description

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.9-alpha1:*:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.8-p1:*:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.7-p6:*:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.6-p11:*:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.5-p13:*:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:2.4.4-p14:*:*:*:*:*:*:*
adobe / commerce cpe:2.3:a:adobe:commerce:<2.4.4:*:*:*:*:*:*:*

References