Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/69653?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/69653?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta1", "type": "composer", "namespace": "magento", "name": "community-edition", "version": "2.4.8-beta1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.8-beta2", "latest_non_vulnerable_version": "2.4.9-alpha3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20438?format=api", "vulnerability_id": "VCID-2495-ugn7-v7fk", "summary": "Magento vulnerable to stored Cross-Site Scripting (XSS)\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54266", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18113", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54266" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:24:32Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54266", "reference_id": "CVE-2025-54266", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54266" }, { "reference_url": "https://github.com/advisories/GHSA-pcrx-r49h-x2w5", "reference_id": "GHSA-pcrx-r49h-x2w5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pcrx-r49h-x2w5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69657?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/69656?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54266", "GHSA-pcrx-r49h-x2w5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2495-ugn7-v7fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288089?format=api", "vulnerability_id": "VCID-3sn5-689e-cbhk", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27841", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24432" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:09:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24432", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24432" }, { "reference_url": "https://github.com/advisories/GHSA-7jmr-43qj-pw47", "reference_id": "GHSA-7jmr-43qj-pw47", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7jmr-43qj-pw47" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24432", "GHSA-7jmr-43qj-pw47" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sn5-689e-cbhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/289941?format=api", "vulnerability_id": "VCID-3vpy-uswf-5ugc", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18492", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27192" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:23Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27192", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27192" }, { "reference_url": "https://github.com/advisories/GHSA-2r94-wm5v-4prx", "reference_id": "GHSA-2r94-wm5v-4prx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2r94-wm5v-4prx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193091?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-27192", "GHSA-2r94-wm5v-4prx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3vpy-uswf-5ugc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288073?format=api", "vulnerability_id": "VCID-3wnx-e9kp-fkg7", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80197", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24416" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:48Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24416", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24416" }, { "reference_url": "https://github.com/advisories/GHSA-rjjw-g6hw-7pc9", "reference_id": "GHSA-rjjw-g6hw-7pc9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rjjw-g6hw-7pc9" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24416", "GHSA-rjjw-g6hw-7pc9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3wnx-e9kp-fkg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288086?format=api", "vulnerability_id": "VCID-46mz-swkk-suhn", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39606", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24429" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24429", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24429" }, { "reference_url": "https://github.com/advisories/GHSA-656q-fx2w-8ccv", "reference_id": "GHSA-656q-fx2w-8ccv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-656q-fx2w-8ccv" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24429", "GHSA-656q-fx2w-8ccv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46mz-swkk-suhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/289939?format=api", "vulnerability_id": "VCID-4kg3-wkw1-vqhy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42298", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27190" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:02Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27190", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27190" }, { "reference_url": "https://github.com/advisories/GHSA-6wq7-cg9h-mj6q", "reference_id": "GHSA-6wq7-cg9h-mj6q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6wq7-cg9h-mj6q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193091?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-27190", "GHSA-6wq7-cg9h-mj6q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kg3-wkw1-vqhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/302978?format=api", "vulnerability_id": "VCID-53d5-qzm4-vfgs", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29366", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49555" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49555", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49555" }, { "reference_url": "https://github.com/advisories/GHSA-5777-jj7p-mpqw", "reference_id": "GHSA-5777-jj7p-mpqw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5777-jj7p-mpqw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194767?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9hc-nhv2-7ubx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/194766?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9hc-nhv2-7ubx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49555", "GHSA-5777-jj7p-mpqw" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53d5-qzm4-vfgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288072?format=api", "vulnerability_id": "VCID-5fmh-e4j7-nbcf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80197", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24415" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:47Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24415", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24415" }, { "reference_url": "https://github.com/advisories/GHSA-gc27-rvvm-q77r", "reference_id": "GHSA-gc27-rvvm-q77r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gc27-rvvm-q77r" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24415", "GHSA-gc27-rvvm-q77r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5fmh-e4j7-nbcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288074?format=api", "vulnerability_id": "VCID-7dbc-v42e-j7d6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80197", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24417" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:50Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24417", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24417" }, { "reference_url": "https://github.com/advisories/GHSA-g3j6-9753-8mp2", "reference_id": "GHSA-g3j6-9753-8mp2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g3j6-9753-8mp2" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24417", "GHSA-g3j6-9753-8mp2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7dbc-v42e-j7d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288085?format=api", "vulnerability_id": "VCID-8crc-kmpq-63bd", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24428", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0102", "scoring_system": "epss", "scoring_elements": "0.77524", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24428" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:10Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24428", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24428" }, { "reference_url": "https://github.com/advisories/GHSA-mm87-rrqx-94cr", "reference_id": "GHSA-mm87-rrqx-94cr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mm87-rrqx-94cr" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24428", "GHSA-mm87-rrqx-94cr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8crc-kmpq-63bd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20439?format=api", "vulnerability_id": "VCID-9gte-ub5c-mqas", "summary": "Magento allows incorrect authorization\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54265", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29601", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54265" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:35:42Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54265", "reference_id": "CVE-2025-54265", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54265" }, { "reference_url": "https://github.com/advisories/GHSA-r355-75hw-r8jf", "reference_id": "GHSA-r355-75hw-r8jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r355-75hw-r8jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69657?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/69656?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54265", "GHSA-r355-75hw-r8jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gte-ub5c-mqas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288090?format=api", "vulnerability_id": "VCID-9rdk-3631-eqcw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24434", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.4402", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24434" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:37Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24434", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24434" }, { "reference_url": "https://github.com/advisories/GHSA-fppq-f2m6-xv5c", "reference_id": "GHSA-fppq-f2m6-xv5c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fppq-f2m6-xv5c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193091?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-24434", "GHSA-fppq-f2m6-xv5c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9rdk-3631-eqcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/306331?format=api", "vulnerability_id": "VCID-a9hc-nhv2-7ubx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72152", "scoring_system": "epss", "scoring_elements": "0.98776", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54236" }, { "reference_url": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-24T14:08:30Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html" }, { "reference_url": "https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54236", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54236" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236" }, { "reference_url": "https://github.com/advisories/GHSA-wh92-6q6g-px7j", "reference_id": "GHSA-wh92-6q6g-px7j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wh92-6q6g-px7j" } ], "fixed_packages": [], "aliases": [ "CVE-2025-54236", "GHSA-wh92-6q6g-px7j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a9hc-nhv2-7ubx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288078?format=api", "vulnerability_id": "VCID-ac6e-denb-w7hy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35299", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24421" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:01Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24421", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24421" }, { "reference_url": "https://github.com/advisories/GHSA-v6r2-425c-hfrr", "reference_id": "GHSA-v6r2-425c-hfrr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v6r2-425c-hfrr" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24421", "GHSA-v6r2-425c-hfrr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ac6e-denb-w7hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/302979?format=api", "vulnerability_id": "VCID-annu-j9a3-xkhs", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00265", "scoring_system": "epss", "scoring_elements": "0.50185", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49556" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:25Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49556", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49556" }, { "reference_url": "https://github.com/advisories/GHSA-7hrj-3c9x-xv5h", "reference_id": "GHSA-7hrj-3c9x-xv5h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7hrj-3c9x-xv5h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194767?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9hc-nhv2-7ubx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/194766?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9hc-nhv2-7ubx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49556", "GHSA-7hrj-3c9x-xv5h" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-annu-j9a3-xkhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20443?format=api", "vulnerability_id": "VCID-d372-f5hu-1bhr", "summary": "Magento provides incorrect authorization through a security feature bypass\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54263", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25901", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54263" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:29Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54263", "reference_id": "CVE-2025-54263", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54263" }, { "reference_url": "https://github.com/advisories/GHSA-69x9-xp2j-w8g8", "reference_id": "GHSA-69x9-xp2j-w8g8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-69x9-xp2j-w8g8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69657?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/69656?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54263", "GHSA-69x9-xp2j-w8g8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d372-f5hu-1bhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288094?format=api", "vulnerability_id": "VCID-dqfx-d99q-jyd1", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80197", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24438" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:43Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24438", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24438" }, { "reference_url": "https://github.com/advisories/GHSA-8884-7rm9-mrx4", "reference_id": "GHSA-8884-7rm9-mrx4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8884-7rm9-mrx4" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24438", "GHSA-8884-7rm9-mrx4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dqfx-d99q-jyd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288065?format=api", "vulnerability_id": "VCID-ekn2-uahd-4qgw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59581", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24408" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:13Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24408", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24408" }, { "reference_url": "https://github.com/advisories/GHSA-3cfg-w257-cgf8", "reference_id": "GHSA-3cfg-w257-cgf8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3cfg-w257-cgf8" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24408", "GHSA-3cfg-w257-cgf8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ekn2-uahd-4qgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288071?format=api", "vulnerability_id": "VCID-ewjp-uxup-gqex", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80197", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24414" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:45Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24414", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24414" }, { "reference_url": "https://github.com/advisories/GHSA-fhw6-3mj5-w9gv", "reference_id": "GHSA-fhw6-3mj5-w9gv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fhw6-3mj5-w9gv" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24414", "GHSA-fhw6-3mj5-w9gv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewjp-uxup-gqex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288091?format=api", "vulnerability_id": "VCID-gdh1-vff1-cfc2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24435", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40405", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24435" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:16Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24435", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24435" }, { "reference_url": "https://github.com/advisories/GHSA-82p4-55gj-956p", "reference_id": "GHSA-82p4-55gj-956p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-82p4-55gj-956p" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24435", "GHSA-82p4-55gj-956p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdh1-vff1-cfc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20442?format=api", "vulnerability_id": "VCID-hbre-ty72-g7gy", "summary": "Magento vulnerable to stored Cross-Site Scripting (XSS)\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24578", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54264" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:28Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264", "reference_id": "CVE-2025-54264", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54264" }, { "reference_url": "https://github.com/advisories/GHSA-2768-5wmv-cfff", "reference_id": "GHSA-2768-5wmv-cfff", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2768-5wmv-cfff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69657?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/69656?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54264", "GHSA-2768-5wmv-cfff" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hbre-ty72-g7gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288081?format=api", "vulnerability_id": "VCID-jbzd-yjne-6ucr", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45221", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24424" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:44Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24424", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24424" }, { "reference_url": "https://github.com/advisories/GHSA-539v-w87w-w62c", "reference_id": "GHSA-539v-w87w-w62c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-539v-w87w-w62c" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24424", "GHSA-539v-w87w-w62c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbzd-yjne-6ucr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288070?format=api", "vulnerability_id": "VCID-jnsk-z1qy-8uh7", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24413", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80197", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24413" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:44Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24413", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24413" }, { "reference_url": "https://github.com/advisories/GHSA-xwgx-8v72-4j5j", "reference_id": "GHSA-xwgx-8v72-4j5j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xwgx-8v72-4j5j" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24413", "GHSA-xwgx-8v72-4j5j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jnsk-z1qy-8uh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288092?format=api", "vulnerability_id": "VCID-khdx-kb5m-qyd7", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35299", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24436" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:53Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24436", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24436" }, { "reference_url": "https://github.com/advisories/GHSA-ghpr-6qhr-rpp8", "reference_id": "GHSA-ghpr-6qhr-rpp8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ghpr-6qhr-rpp8" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24436", "GHSA-ghpr-6qhr-rpp8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khdx-kb5m-qyd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288063?format=api", "vulnerability_id": "VCID-mcuv-294k-5qc4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46583", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24406" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:51:36Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24406", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24406" }, { "reference_url": "https://github.com/advisories/GHSA-954p-ff72-327w", "reference_id": "GHSA-954p-ff72-327w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-954p-ff72-327w" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24406", "GHSA-954p-ff72-327w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mcuv-294k-5qc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288084?format=api", "vulnerability_id": "VCID-mwg1-4tbg-53cg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24427", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40405", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24427" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:04Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24427", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24427" }, { "reference_url": "https://github.com/advisories/GHSA-v3hq-g424-5mgg", "reference_id": "GHSA-v3hq-g424-5mgg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v3hq-g424-5mgg" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24427", "GHSA-v3hq-g424-5mgg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwg1-4tbg-53cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288068?format=api", "vulnerability_id": "VCID-p84d-d8gt-ukck", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24411", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29003", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24411" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:40Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24411", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24411" }, { "reference_url": "https://github.com/advisories/GHSA-36hw-x3cc-m258", "reference_id": "GHSA-36hw-x3cc-m258", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-36hw-x3cc-m258" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24411", "GHSA-36hw-x3cc-m258" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p84d-d8gt-ukck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288067?format=api", "vulnerability_id": "VCID-qsq4-2nz1-p7hu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24410", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01784", "scoring_system": "epss", "scoring_elements": "0.83046", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24410" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:38Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24410", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24410" }, { "reference_url": "https://github.com/advisories/GHSA-gjxp-46rq-wg4q", "reference_id": "GHSA-gjxp-46rq-wg4q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gjxp-46rq-wg4q" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24410", "GHSA-gjxp-46rq-wg4q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsq4-2nz1-p7hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288069?format=api", "vulnerability_id": "VCID-rhp2-bwp6-k3d4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24412", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01321", "scoring_system": "epss", "scoring_elements": "0.80197", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24412" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:41Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24412", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24412" }, { "reference_url": "https://github.com/advisories/GHSA-m4rg-mpp2-97px", "reference_id": "GHSA-m4rg-mpp2-97px", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4rg-mpp2-97px" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24412", "GHSA-m4rg-mpp2-97px" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhp2-bwp6-k3d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288082?format=api", "vulnerability_id": "VCID-t5m6-39fh-zfhg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47936", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24425" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:51:39Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24425", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24425" }, { "reference_url": "https://github.com/advisories/GHSA-6ff8-jrfg-43hh", "reference_id": "GHSA-6ff8-jrfg-43hh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6ff8-jrfg-43hh" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24425", "GHSA-6ff8-jrfg-43hh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5m6-39fh-zfhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20445?format=api", "vulnerability_id": "VCID-tk7j-4vsm-e7c6", "summary": "Magento vulnerable to privilege escalation due to incorrect authorization\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20459", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54267" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-16T03:56:04Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54267", "reference_id": "CVE-2025-54267", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54267" }, { "reference_url": "https://github.com/advisories/GHSA-qvwr-p3hj-j6jf", "reference_id": "GHSA-qvwr-p3hj-j6jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qvwr-p3hj-j6jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69657?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3" }, { "url": "http://public2.vulnerablecode.io/api/packages/69656?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3" } ], "aliases": [ "CVE-2025-54267", "GHSA-qvwr-p3hj-j6jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tk7j-4vsm-e7c6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/289937?format=api", "vulnerability_id": "VCID-uv6e-ctrt-eycw", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0012", "scoring_system": "epss", "scoring_elements": "0.30612", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27188" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:30Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27188", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27188" }, { "reference_url": "https://github.com/advisories/GHSA-rr2g-rrjj-xw86", "reference_id": "GHSA-rr2g-rrjj-xw86", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rr2g-rrjj-xw86" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69654?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2495-ugn7-v7fk" }, { "vulnerability": "VCID-3jns-w9p4-jyca" }, { "vulnerability": "VCID-53d5-qzm4-vfgs" }, { "vulnerability": "VCID-9gte-ub5c-mqas" }, { "vulnerability": "VCID-a9hc-nhv2-7ubx" }, { "vulnerability": "VCID-annu-j9a3-xkhs" }, { "vulnerability": "VCID-d372-f5hu-1bhr" }, { "vulnerability": "VCID-epeq-fvse-xudw" }, { "vulnerability": "VCID-gyd8-hu6s-wkgt" }, { "vulnerability": "VCID-hbre-ty72-g7gy" }, { "vulnerability": "VCID-mgk4-9tan-a7fj" }, { "vulnerability": "VCID-tk7j-4vsm-e7c6" }, { "vulnerability": "VCID-vjad-xkj2-nygh" }, { "vulnerability": "VCID-weqh-3ye3-nbbp" }, { "vulnerability": "VCID-yjgp-6ntk-xbc3" }, { "vulnerability": "VCID-yzdu-4cnk-5uft" }, { "vulnerability": "VCID-zgzb-haur-s7aq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8" } ], "aliases": [ "CVE-2025-27188", "GHSA-rr2g-rrjj-xw86" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uv6e-ctrt-eycw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288087?format=api", "vulnerability_id": "VCID-v7r7-xtq1-gug6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27841", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24430" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:47Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24430", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24430" }, { "reference_url": "https://github.com/advisories/GHSA-6w27-c66f-gvhq", "reference_id": "GHSA-6w27-c66f-gvhq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6w27-c66f-gvhq" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24430", "GHSA-6w27-c66f-gvhq" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v7r7-xtq1-gug6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/302977?format=api", "vulnerability_id": "VCID-vjad-xkj2-nygh", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49554", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52607", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49554" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:27Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49554", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49554" }, { "reference_url": "https://github.com/advisories/GHSA-xgfm-992v-h2hr", "reference_id": "GHSA-xgfm-992v-h2hr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xgfm-992v-h2hr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194767?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9hc-nhv2-7ubx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/194766?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9hc-nhv2-7ubx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49554", "GHSA-xgfm-992v-h2hr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjad-xkj2-nygh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288093?format=api", "vulnerability_id": "VCID-wdvt-5z3a-5bc2", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35635", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24437" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:35Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24437", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24437" }, { "reference_url": "https://github.com/advisories/GHSA-469f-wf4f-3jjv", "reference_id": "GHSA-469f-wf4f-3jjv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-469f-wf4f-3jjv" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24437", "GHSA-469f-wf4f-3jjv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdvt-5z3a-5bc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/302981?format=api", "vulnerability_id": "VCID-weqh-3ye3-nbbp", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00505", "scoring_system": "epss", "scoring_elements": "0.66502", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49558" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:13Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49558", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49558" }, { "reference_url": "https://github.com/advisories/GHSA-wcmw-8xpp-rwfj", "reference_id": "GHSA-wcmw-8xpp-rwfj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wcmw-8xpp-rwfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194767?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9hc-nhv2-7ubx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/194766?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9hc-nhv2-7ubx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49558", "GHSA-wcmw-8xpp-rwfj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-weqh-3ye3-nbbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/288066?format=api", "vulnerability_id": "VCID-yh52-jggb-jfgx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24409", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34733", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24409" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:11:11Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-08.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24409", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24409" }, { "reference_url": "https://github.com/advisories/GHSA-vw47-79jv-3598", "reference_id": "GHSA-vw47-79jv-3598", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vw47-79jv-3598" } ], "fixed_packages": [], "aliases": [ "CVE-2025-24409", "GHSA-vw47-79jv-3598" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yh52-jggb-jfgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/302982?format=api", "vulnerability_id": "VCID-yjgp-6ntk-xbc3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00589", "scoring_system": "epss", "scoring_elements": "0.69477", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49559" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:14Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-71.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49559", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49559" }, { "reference_url": "https://github.com/advisories/GHSA-h4f4-gv6h-x824", "reference_id": "GHSA-h4f4-gv6h-x824", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h4f4-gv6h-x824" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194767?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9hc-nhv2-7ubx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2" }, { "url": "http://public2.vulnerablecode.io/api/packages/194766?format=api", "purl": "pkg:composer/magento/community-edition@2.4.9-alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a9hc-nhv2-7ubx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2" } ], "aliases": [ "CVE-2025-49559", "GHSA-h4f4-gv6h-x824" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjgp-6ntk-xbc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/301158?format=api", "vulnerability_id": "VCID-yzdu-4cnk-5uft", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00709", "scoring_system": "epss", "scoring_elements": "0.72534", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47110" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-10T18:09:25Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47110", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47110" }, { "reference_url": "https://github.com/advisories/GHSA-j934-vjh5-vf9r", "reference_id": "GHSA-j934-vjh5-vf9r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j934-vjh5-vf9r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196023?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-p1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p1" } ], "aliases": [ "CVE-2025-47110", "GHSA-j934-vjh5-vf9r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yzdu-4cnk-5uft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/289940?format=api", "vulnerability_id": "VCID-zacs-wg6m-qyg4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00203", "scoring_system": "epss", "scoring_elements": "0.42298", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27191" }, { "reference_url": "https://github.com/magento/magento2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/magento/magento2" }, { "reference_url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:08Z/" } ], "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27191", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27191" }, { "reference_url": "https://github.com/advisories/GHSA-vhcq-4xrm-2cr2", "reference_id": "GHSA-vhcq-4xrm-2cr2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vhcq-4xrm-2cr2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/193091?format=api", "purl": "pkg:composer/magento/community-edition@2.4.8-beta2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2" } ], "aliases": [ "CVE-2025-27191", "GHSA-vhcq-4xrm-2cr2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zacs-wg6m-qyg4" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1" }