{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","type":"composer","namespace":"magento","name":"community-edition","version":"2.4.8-beta2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.8-p3","latest_non_vulnerable_version":"2.4.9-alpha3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57823?format=json","vulnerability_id":"VCID-1jsp-392b-2fgb","summary":"Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability\nMagento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49558","reference_id":"","reference_type":"","scores":[{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66592","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66585","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.666","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01616","scoring_system":"epss","scoring_elements":"0.82164","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01616","scoring_system":"epss","scoring_elements":"0.82179","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49558"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:13Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49558","reference_id":"CVE-2025-49558","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49558"},{"reference_url":"https://github.com/advisories/GHSA-wcmw-8xpp-rwfj","reference_id":"GHSA-wcmw-8xpp-rwfj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wcmw-8xpp-rwfj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86023?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/86022?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49558","GHSA-wcmw-8xpp-rwfj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jsp-392b-2fgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57442?format=json","vulnerability_id":"VCID-3g5s-hryc-5qa9","summary":"Magneto contains stored XSS vulnerability\nMagento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47110","reference_id":"","reference_type":"","scores":[{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72632","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72607","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72621","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72639","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47110"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-10T18:09:25Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-50.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47110","reference_id":"CVE-2025-47110","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47110"},{"reference_url":"https://github.com/advisories/GHSA-j934-vjh5-vf9r","reference_id":"GHSA-j934-vjh5-vf9r","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j934-vjh5-vf9r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85398?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p1"},{"url":"http://public2.vulnerablecode.io/api/packages/70852?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha1"}],"aliases":["CVE-2025-47110","GHSA-j934-vjh5-vf9r"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3g5s-hryc-5qa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48026?format=json","vulnerability_id":"VCID-cafy-5dd8-rudj","summary":"Magento allows incorrect authorization\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54265","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29548","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29458","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29444","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29477","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.2951","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54265"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T20:35:42Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54265","reference_id":"CVE-2025-54265","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54265"},{"reference_url":"https://github.com/advisories/GHSA-r355-75hw-r8jf","reference_id":"GHSA-r355-75hw-r8jf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r355-75hw-r8jf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70854?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/70853?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54265","GHSA-r355-75hw-r8jf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cafy-5dd8-rudj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58128?format=json","vulnerability_id":"VCID-ccx1-qacj-2qev","summary":"Magento Community Edition Improper Input Validation vulnerability\nAdobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54236","reference_id":"","reference_type":"","scores":[{"value":"0.72152","scoring_system":"epss","scoring_elements":"0.98772","published_at":"2026-06-06T12:55:00Z"},{"value":"0.72152","scoring_system":"epss","scoring_elements":"0.98769","published_at":"2026-06-09T12:55:00Z"},{"value":"0.72152","scoring_system":"epss","scoring_elements":"0.9877","published_at":"2026-06-08T12:55:00Z"},{"value":"0.72152","scoring_system":"epss","scoring_elements":"0.98771","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54236"},{"reference_url":"https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-88.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-10-24T14:08:30Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-88.html"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54236","reference_id":"CVE-2025-54236","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54236"},{"reference_url":"https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento","reference_id":"CVE-2025-54236-SESSIONREAPER-UNAUTHENTICATED-RCE-IN-MAGENTO","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento"},{"reference_url":"https://github.com/advisories/GHSA-wh92-6q6g-px7j","reference_id":"GHSA-wh92-6q6g-px7j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wh92-6q6g-px7j"}],"fixed_packages":[],"aliases":["CVE-2025-54236","GHSA-wh92-6q6g-px7j"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ccx1-qacj-2qev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57822?format=json","vulnerability_id":"VCID-cm2a-1yc5-v3cy","summary":"Magento has incorrect authorization issue that leads to arbitrary file system read\nMagento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49556","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50269","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50259","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50277","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77866","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77884","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49556"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:25Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49556","reference_id":"CVE-2025-49556","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49556"},{"reference_url":"https://github.com/advisories/GHSA-7hrj-3c9x-xv5h","reference_id":"GHSA-7hrj-3c9x-xv5h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7hrj-3c9x-xv5h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86023?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/86022?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49556","GHSA-7hrj-3c9x-xv5h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cm2a-1yc5-v3cy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48032?format=json","vulnerability_id":"VCID-dj5a-35gt-u7dn","summary":"Magento vulnerable to privilege escalation due to incorrect authorization\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54267","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20402","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20511","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20523","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20411","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2047","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54267"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-16T03:56:04Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54267","reference_id":"CVE-2025-54267","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54267"},{"reference_url":"https://github.com/advisories/GHSA-qvwr-p3hj-j6jf","reference_id":"GHSA-qvwr-p3hj-j6jf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvwr-p3hj-j6jf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70854?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/70853?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54267","GHSA-qvwr-p3hj-j6jf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj5a-35gt-u7dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57814?format=json","vulnerability_id":"VCID-eygc-ra9u-gyej","summary":"Magento Cross-Site Request Forgery (CSRF) vulnerability\nMagento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49555","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2931","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29241","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29276","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.5908","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59064","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49555"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:10Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49555","reference_id":"CVE-2025-49555","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49555"},{"reference_url":"https://github.com/advisories/GHSA-5777-jj7p-mpqw","reference_id":"GHSA-5777-jj7p-mpqw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5777-jj7p-mpqw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86023?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/86022?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49555","GHSA-5777-jj7p-mpqw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eygc-ra9u-gyej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48030?format=json","vulnerability_id":"VCID-qrwc-3gsb-zkfy","summary":"Magento provides incorrect authorization through a security feature bypass\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54263","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25931","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2588","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25875","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25976","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25983","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54263"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:29Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54263","reference_id":"CVE-2025-54263","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54263"},{"reference_url":"https://github.com/advisories/GHSA-69x9-xp2j-w8g8","reference_id":"GHSA-69x9-xp2j-w8g8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69x9-xp2j-w8g8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70854?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/70853?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54263","GHSA-69x9-xp2j-w8g8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrwc-3gsb-zkfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48029?format=json","vulnerability_id":"VCID-th7y-aj51-mbaj","summary":"Magento vulnerable to stored Cross-Site Scripting (XSS)\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54264","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.4398","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43969","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44005","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.4403","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44021","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54264"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-21T03:55:28Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54264","reference_id":"CVE-2025-54264","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54264"},{"reference_url":"https://github.com/advisories/GHSA-2768-5wmv-cfff","reference_id":"GHSA-2768-5wmv-cfff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2768-5wmv-cfff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70854?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/70853?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54264","GHSA-2768-5wmv-cfff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-th7y-aj51-mbaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57816?format=json","vulnerability_id":"VCID-tzug-ckkn-dyft","summary":"Magento vulnerable to denial of service\nMagento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49554","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52681","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52669","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52688","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01005","scoring_system":"epss","scoring_elements":"0.77405","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01005","scoring_system":"epss","scoring_elements":"0.77426","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49554"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T14:18:27Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49554","reference_id":"CVE-2025-49554","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49554"},{"reference_url":"https://github.com/advisories/GHSA-xgfm-992v-h2hr","reference_id":"GHSA-xgfm-992v-h2hr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xgfm-992v-h2hr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86023?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/86022?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49554","GHSA-xgfm-992v-h2hr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzug-ckkn-dyft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57821?format=json","vulnerability_id":"VCID-wzu6-rbsv-mkde","summary":"Magento vulnerable to path traversal\nMagento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49559","reference_id":"","reference_type":"","scores":[{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69566","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69575","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00589","scoring_system":"epss","scoring_elements":"0.69567","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02291","scoring_system":"epss","scoring_elements":"0.85039","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02291","scoring_system":"epss","scoring_elements":"0.85024","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49559"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-08-13T15:04:14Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49559","reference_id":"CVE-2025-49559","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49559"},{"reference_url":"https://github.com/advisories/GHSA-h4f4-gv6h-x824","reference_id":"GHSA-h4f4-gv6h-x824","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4f4-gv6h-x824"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86023?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p2"},{"url":"http://public2.vulnerablecode.io/api/packages/86022?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha2"}],"aliases":["CVE-2025-49559","GHSA-h4f4-gv6h-x824"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wzu6-rbsv-mkde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57099?format=json","vulnerability_id":"VCID-xfvu-2zg4-ruf6","summary":"Magento Improper Authorization vulnerability\nMagento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27188","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36289","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36327","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36265","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36319","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36253","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27188"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:30Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27188","reference_id":"CVE-2025-27188","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27188"},{"reference_url":"https://github.com/advisories/GHSA-rr2g-rrjj-xw86","reference_id":"GHSA-rr2g-rrjj-xw86","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rr2g-rrjj-xw86"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70851?format=json","purl":"pkg:composer/magento/community-edition@2.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8"}],"aliases":["CVE-2025-27188","GHSA-rr2g-rrjj-xw86"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xfvu-2zg4-ruf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48025?format=json","vulnerability_id":"VCID-yyq6-dvyx-3bb9","summary":"Magento vulnerable to stored Cross-Site Scripting (XSS)\nMagento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54266","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18073","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18185","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18183","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18091","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18147","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54266"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T13:24:32Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-94.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54266","reference_id":"CVE-2025-54266","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54266"},{"reference_url":"https://github.com/advisories/GHSA-pcrx-r49h-x2w5","reference_id":"GHSA-pcrx-r49h-x2w5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pcrx-r49h-x2w5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70854?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-p3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-p3"},{"url":"http://public2.vulnerablecode.io/api/packages/70853?format=json","purl":"pkg:composer/magento/community-edition@2.4.9-alpha3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.9-alpha3"}],"aliases":["CVE-2025-54266","GHSA-pcrx-r49h-x2w5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yyq6-dvyx-3bb9"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56632?format=json","vulnerability_id":"VCID-2vsw-t8k2-4bfm","summary":"Adobe Commerce Improper Authorization vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11  and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access, leading to both confidentiality and integrity impact. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24409","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34777","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34813","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34764","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34796","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34742","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24409"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:11:11Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24409","reference_id":"CVE-2025-24409","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24409"},{"reference_url":"https://github.com/advisories/GHSA-vw47-79jv-3598","reference_id":"GHSA-vw47-79jv-3598","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vw47-79jv-3598"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24409","GHSA-vw47-79jv-3598"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vsw-t8k2-4bfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56639?format=json","vulnerability_id":"VCID-6tx4-wexr-fkbb","summary":"Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain elevated privileges. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24437","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35683","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35723","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35656","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35712","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35641","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24437"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:35Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24437","reference_id":"CVE-2025-24437","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24437"},{"reference_url":"https://github.com/advisories/GHSA-469f-wf4f-3jjv","reference_id":"GHSA-469f-wf4f-3jjv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-469f-wf4f-3jjv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24437","GHSA-469f-wf4f-3jjv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6tx4-wexr-fkbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56638?format=json","vulnerability_id":"VCID-7s74-rdkp-vyaf","summary":"Magento Incorrect Authorization vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to perform actions with permissions that were not granted. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24421","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35325","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35372","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35382","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35346","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35306","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24421"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:01Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24421","reference_id":"CVE-2025-24421","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24421"},{"reference_url":"https://github.com/advisories/GHSA-v6r2-425c-hfrr","reference_id":"GHSA-v6r2-425c-hfrr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v6r2-425c-hfrr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24421","GHSA-v6r2-425c-hfrr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7s74-rdkp-vyaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56636?format=json","vulnerability_id":"VCID-8hx4-r8bb-n7ge","summary":"Magento stored Cross-Site Scripting (XSS) vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24428","reference_id":"","reference_type":"","scores":[{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77583","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77604","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77595","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77603","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0102","scoring_system":"epss","scoring_elements":"0.77594","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24428"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:10Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24428","reference_id":"CVE-2025-24428","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24428"},{"reference_url":"https://github.com/advisories/GHSA-mm87-rrqx-94cr","reference_id":"GHSA-mm87-rrqx-94cr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mm87-rrqx-94cr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24428","GHSA-mm87-rrqx-94cr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8hx4-r8bb-n7ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56625?format=json","vulnerability_id":"VCID-8ky6-w2nk-9bds","summary":"Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24411","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28883","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28919","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28859","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28955","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28848","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24411"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:40Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24411","reference_id":"CVE-2025-24411","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24411"},{"reference_url":"https://github.com/advisories/GHSA-36hw-x3cc-m258","reference_id":"GHSA-36hw-x3cc-m258","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-36hw-x3cc-m258"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24411","GHSA-36hw-x3cc-m258"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ky6-w2nk-9bds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57107?format=json","vulnerability_id":"VCID-8shb-t5zp-rqbu","summary":"Magento Improper Access Control leads to Security feature bypass\nMagento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27190","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50323","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50341","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50313","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50333","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50295","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27190"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:02Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27190","reference_id":"CVE-2025-27190","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27190"},{"reference_url":"https://github.com/advisories/GHSA-6wq7-cg9h-mj6q","reference_id":"GHSA-6wq7-cg9h-mj6q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6wq7-cg9h-mj6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84773?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p13"},{"url":"http://public2.vulnerablecode.io/api/packages/84774?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84775?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/84776?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-27190","GHSA-6wq7-cg9h-mj6q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8shb-t5zp-rqbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56631?format=json","vulnerability_id":"VCID-a9b6-tenb-afdw","summary":"Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24416","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.8025","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.8026","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80247","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80239","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24416"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:48Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24416","reference_id":"CVE-2025-24416","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24416"},{"reference_url":"https://github.com/advisories/GHSA-rjjw-g6hw-7pc9","reference_id":"GHSA-rjjw-g6hw-7pc9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rjjw-g6hw-7pc9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24416","GHSA-rjjw-g6hw-7pc9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9b6-tenb-afdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56637?format=json","vulnerability_id":"VCID-b3cn-pjp3-4yhm","summary":"Magento Business Logic Error vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to circumvent intended security mechanisms by manipulating the logic of the application's operations causing limited data modification. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24425","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48018","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47983","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.48014","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47971","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24425"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:51:39Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24425","reference_id":"CVE-2025-24425","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24425"},{"reference_url":"https://github.com/advisories/GHSA-6ff8-jrfg-43hh","reference_id":"GHSA-6ff8-jrfg-43hh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6ff8-jrfg-43hh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24425","GHSA-6ff8-jrfg-43hh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3cn-pjp3-4yhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56643?format=json","vulnerability_id":"VCID-d6mk-hg8h-7qbc","summary":"Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing security mechanisms. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24432","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27699","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27658","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27737","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27789","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27651","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24432"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:09:50Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24432","reference_id":"CVE-2025-24432","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24432"},{"reference_url":"https://github.com/advisories/GHSA-7jmr-43qj-pw47","reference_id":"GHSA-7jmr-43qj-pw47","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7jmr-43qj-pw47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24432","GHSA-7jmr-43qj-pw47"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6mk-hg8h-7qbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57095?format=json","vulnerability_id":"VCID-egy6-nku7-zyap","summary":"Magento Improper Access Control leads to Security feature bypass\nMagento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27191","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50323","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50341","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50313","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50333","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50295","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27191"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:08Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27191","reference_id":"CVE-2025-27191","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27191"},{"reference_url":"https://github.com/advisories/GHSA-vhcq-4xrm-2cr2","reference_id":"GHSA-vhcq-4xrm-2cr2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vhcq-4xrm-2cr2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84773?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p13"},{"url":"http://public2.vulnerablecode.io/api/packages/84774?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84775?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/84776?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-27191","GHSA-vhcq-4xrm-2cr2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egy6-nku7-zyap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56628?format=json","vulnerability_id":"VCID-fz5y-um7w-63f4","summary":"Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24410","reference_id":"","reference_type":"","scores":[{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.831","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.83101","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.83089","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.83096","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24410"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:38Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24410","reference_id":"CVE-2025-24410","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24410"},{"reference_url":"https://github.com/advisories/GHSA-gjxp-46rq-wg4q","reference_id":"GHSA-gjxp-46rq-wg4q","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gjxp-46rq-wg4q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24410","GHSA-gjxp-46rq-wg4q"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fz5y-um7w-63f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56647?format=json","vulnerability_id":"VCID-gedj-39p5-ubd6","summary":"Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24413","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.8025","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.8026","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80247","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80239","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24413"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:44Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24413","reference_id":"CVE-2025-24413","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24413"},{"reference_url":"https://github.com/advisories/GHSA-xwgx-8v72-4j5j","reference_id":"GHSA-xwgx-8v72-4j5j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xwgx-8v72-4j5j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24413","GHSA-xwgx-8v72-4j5j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gedj-39p5-ubd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56622?format=json","vulnerability_id":"VCID-hbau-7tvg-cygz","summary":"Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24429","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39649","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39685","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39688","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39661","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39633","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24429"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:50Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24429","reference_id":"CVE-2025-24429","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24429"},{"reference_url":"https://github.com/advisories/GHSA-656q-fx2w-8ccv","reference_id":"GHSA-656q-fx2w-8ccv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-656q-fx2w-8ccv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24429","GHSA-656q-fx2w-8ccv"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbau-7tvg-cygz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57100?format=json","vulnerability_id":"VCID-j6ss-8f4e-e7g2","summary":"Magento does not properly protect credentials\nMagento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27192","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2817","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28044","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2804","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28083","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28121","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27192"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:53:23Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-26.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27192","reference_id":"CVE-2025-27192","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27192"},{"reference_url":"https://github.com/advisories/GHSA-2r94-wm5v-4prx","reference_id":"GHSA-2r94-wm5v-4prx","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2r94-wm5v-4prx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84773?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p13"},{"url":"http://public2.vulnerablecode.io/api/packages/84774?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84775?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p10"},{"url":"http://public2.vulnerablecode.io/api/packages/84776?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p5"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-27192","GHSA-2r94-wm5v-4prx"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6ss-8f4e-e7g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56645?format=json","vulnerability_id":"VCID-jr49-4fs3-8qcp","summary":"Improper Authorization vulnerability in Magento and Adobe Commerce\nAdobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24434","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44071","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44095","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44045","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44087","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44035","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24434"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:37Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24434","reference_id":"CVE-2025-24434","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24434"},{"reference_url":"https://github.com/advisories/GHSA-fppq-f2m6-xv5c","reference_id":"GHSA-fppq-f2m6-xv5c","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fppq-f2m6-xv5c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24434","GHSA-fppq-f2m6-xv5c"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jr49-4fs3-8qcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56626?format=json","vulnerability_id":"VCID-mhvf-2keh-2qar","summary":"Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24417","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.8025","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.8026","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80247","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80239","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24417"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:50Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24417","reference_id":"CVE-2025-24417","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24417"},{"reference_url":"https://github.com/advisories/GHSA-g3j6-9753-8mp2","reference_id":"GHSA-g3j6-9753-8mp2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g3j6-9753-8mp2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24417","GHSA-g3j6-9753-8mp2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mhvf-2keh-2qar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56646?format=json","vulnerability_id":"VCID-mjb6-7au8-5fdx","summary":"Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24414","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.8025","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.8026","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80247","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80239","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24414"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:45Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24414","reference_id":"CVE-2025-24414","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24414"},{"reference_url":"https://github.com/advisories/GHSA-fhw6-3mj5-w9gv","reference_id":"GHSA-fhw6-3mj5-w9gv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fhw6-3mj5-w9gv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24414","GHSA-fhw6-3mj5-w9gv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mjb6-7au8-5fdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56623?format=json","vulnerability_id":"VCID-qp7s-amch-v3cd","summary":"Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to modify limited fields. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24435","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40453","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.4048","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40438","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40477","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40424","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24435"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:16Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24435","reference_id":"CVE-2025-24435","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24435"},{"reference_url":"https://github.com/advisories/GHSA-82p4-55gj-956p","reference_id":"GHSA-82p4-55gj-956p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-82p4-55gj-956p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24435","GHSA-82p4-55gj-956p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qp7s-amch-v3cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56642?format=json","vulnerability_id":"VCID-qzqd-271b-ybfj","summary":"Magento Information Exposure vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. A low-privileged attacker could gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24408","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59659","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59634","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59653","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59662","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24408"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:13Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24408","reference_id":"CVE-2025-24408","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24408"},{"reference_url":"https://github.com/advisories/GHSA-3cfg-w257-cgf8","reference_id":"GHSA-3cfg-w257-cgf8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3cfg-w257-cgf8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24408","GHSA-3cfg-w257-cgf8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qzqd-271b-ybfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56633?format=json","vulnerability_id":"VCID-r4bw-w4t9-23ek","summary":"Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24427","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40453","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.4048","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40438","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40477","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40424","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24427"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:49:04Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24427","reference_id":"CVE-2025-24427","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24427"},{"reference_url":"https://github.com/advisories/GHSA-v3hq-g424-5mgg","reference_id":"GHSA-v3hq-g424-5mgg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v3hq-g424-5mgg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24427","GHSA-v3hq-g424-5mgg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4bw-w4t9-23ek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56630?format=json","vulnerability_id":"VCID-re84-qg3k-3ub3","summary":"Adobe Commerce Path Traversal\nAdobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An unauthenticated attacker could exploit this vulnerability to modify files that are stored outside the restricted directory. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24406","reference_id":"","reference_type":"","scores":[{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46615","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46625","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46643","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.46663","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00235","scoring_system":"epss","scoring_elements":"0.4666","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24406"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:51:36Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24406","reference_id":"CVE-2025-24406","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24406"},{"reference_url":"https://github.com/advisories/GHSA-954p-ff72-327w","reference_id":"GHSA-954p-ff72-327w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-954p-ff72-327w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24406","GHSA-954p-ff72-327w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-re84-qg3k-3ub3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56635?format=json","vulnerability_id":"VCID-s4bp-kzfu-8qfy","summary":"Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24412","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.8025","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.8026","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80247","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80239","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24412"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:41Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24412","reference_id":"CVE-2025-24412","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24412"},{"reference_url":"https://github.com/advisories/GHSA-m4rg-mpp2-97px","reference_id":"GHSA-m4rg-mpp2-97px","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4rg-mpp2-97px"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24412","GHSA-m4rg-mpp2-97px"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4bp-kzfu-8qfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56644?format=json","vulnerability_id":"VCID-scg7-ugdn-53b9","summary":"Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24424","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45275","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45295","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45261","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45292","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45248","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24424"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:44Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24424","reference_id":"CVE-2025-24424","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24424"},{"reference_url":"https://github.com/advisories/GHSA-539v-w87w-w62c","reference_id":"GHSA-539v-w87w-w62c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-539v-w87w-w62c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24424","GHSA-539v-w87w-w62c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scg7-ugdn-53b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56624?format=json","vulnerability_id":"VCID-te3b-exz5-zke1","summary":"Magento Stored Cross-Site Scripting (XSS) Vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24415","reference_id":"","reference_type":"","scores":[{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.8025","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.8026","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80247","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01321","scoring_system":"epss","scoring_elements":"0.80239","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24415"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:47Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24415","reference_id":"CVE-2025-24415","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24415"},{"reference_url":"https://github.com/advisories/GHSA-gc27-rvvm-q77r","reference_id":"GHSA-gc27-rvvm-q77r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc27-rvvm-q77r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24415","GHSA-gc27-rvvm-q77r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-te3b-exz5-zke1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56627?format=json","vulnerability_id":"VCID-tvz9-8s4d-gbg6","summary":"Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing security mechanisms. Exploitation of this issue requires user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24430","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27651","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27658","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27699","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27737","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27789","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24430"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:47Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24430","reference_id":"CVE-2025-24430","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24430"},{"reference_url":"https://github.com/advisories/GHSA-6w27-c66f-gvhq","reference_id":"GHSA-6w27-c66f-gvhq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6w27-c66f-gvhq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24430","GHSA-6w27-c66f-gvhq"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvz9-8s4d-gbg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56640?format=json","vulnerability_id":"VCID-xsq8-ztqh-ubb8","summary":"Magento stored Cross-Site Scripting (XSS) vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24438","reference_id":"","reference_type":"","scores":[{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89292","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89309","published_at":"2026-06-09T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89291","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89293","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24438"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-14T04:55:43Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24438","reference_id":"CVE-2025-24438","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24438"},{"reference_url":"https://github.com/advisories/GHSA-8884-7rm9-mrx4","reference_id":"GHSA-8884-7rm9-mrx4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8884-7rm9-mrx4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24438","GHSA-8884-7rm9-mrx4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsq8-ztqh-ubb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56641?format=json","vulnerability_id":"VCID-y7x4-664r-3fbk","summary":"Magento Improper Access Control vulnerability\nAdobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24436","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35346","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35382","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35325","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35372","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35306","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24436"},{"reference_url":"https://github.com/magento/magento2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/magento/magento2"},{"reference_url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:48:53Z/"}],"url":"https://helpx.adobe.com/security/products/magento/apsb25-08.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24436","reference_id":"CVE-2025-24436","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24436"},{"reference_url":"https://github.com/advisories/GHSA-ghpr-6qhr-rpp8","reference_id":"GHSA-ghpr-6qhr-rpp8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ghpr-6qhr-rpp8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84086?format=json","purl":"pkg:composer/magento/community-edition@2.4.4-p12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12"},{"url":"http://public2.vulnerablecode.io/api/packages/84085?format=json","purl":"pkg:composer/magento/community-edition@2.4.5-p11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11"},{"url":"http://public2.vulnerablecode.io/api/packages/84084?format=json","purl":"pkg:composer/magento/community-edition@2.4.6-p9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9"},{"url":"http://public2.vulnerablecode.io/api/packages/84083?format=json","purl":"pkg:composer/magento/community-edition@2.4.7-p4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-4dae-vty8-b7hk"},{"vulnerability":"VCID-6p6q-ctya-q3bv"},{"vulnerability":"VCID-8shb-t5zp-rqbu"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-egy6-nku7-zyap"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-fzm9-e6bg-r7aw"},{"vulnerability":"VCID-j6ss-8f4e-e7g2"},{"vulnerability":"VCID-md7v-w5aq-t7h1"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-tc3m-4bkg-qkcf"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4"},{"url":"http://public2.vulnerablecode.io/api/packages/84090?format=json","purl":"pkg:composer/magento/community-edition@2.4.8-beta2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jsp-392b-2fgb"},{"vulnerability":"VCID-3g5s-hryc-5qa9"},{"vulnerability":"VCID-cafy-5dd8-rudj"},{"vulnerability":"VCID-ccx1-qacj-2qev"},{"vulnerability":"VCID-cm2a-1yc5-v3cy"},{"vulnerability":"VCID-dj5a-35gt-u7dn"},{"vulnerability":"VCID-eygc-ra9u-gyej"},{"vulnerability":"VCID-qrwc-3gsb-zkfy"},{"vulnerability":"VCID-th7y-aj51-mbaj"},{"vulnerability":"VCID-tzug-ckkn-dyft"},{"vulnerability":"VCID-wzu6-rbsv-mkde"},{"vulnerability":"VCID-xfvu-2zg4-ruf6"},{"vulnerability":"VCID-yyq6-dvyx-3bb9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}],"aliases":["CVE-2025-24436","GHSA-ghpr-6qhr-rpp8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y7x4-664r-3fbk"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2"}