Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-jr49-4fs3-8qcp

Summary

Improper Authorization vulnerability in Magento and Adobe Commerce
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

Aliases

alias	CVE-2025-24434

alias	GHSA-fppq-f2m6-xv5c

Fixed_packages

url	pkg:composer/magento/community-edition@2.4.4-p12
purl	pkg:composer/magento/community-edition@2.4.4-p12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.4-p12

url	pkg:composer/magento/community-edition@2.4.5-p11
purl	pkg:composer/magento/community-edition@2.4.5-p11
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p11

url	pkg:composer/magento/community-edition@2.4.6-p9
purl	pkg:composer/magento/community-edition@2.4.6-p9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p9

url	pkg:composer/magento/community-edition@2.4.7-p4
purl	pkg:composer/magento/community-edition@2.4.7-p4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-p4

url	pkg:composer/magento/community-edition@2.4.8-beta2
purl	pkg:composer/magento/community-edition@2.4.8-beta2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta2

Affected_packages

url pkg:composer/magento/community-edition@2.4.5-p1

purl pkg:composer/magento/community-edition@2.4.5-p1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2h52-3pt6-dfcw

vulnerability	VCID-2vsw-t8k2-4bfm

vulnerability	VCID-3et4-3zad-1qfn

vulnerability	VCID-3zcy-b3th-ukhd

vulnerability	VCID-525q-afzj-tkcp

vulnerability	VCID-5gxr-xksz-5ydb

vulnerability	VCID-6t9w-cnkz-s3c3

vulnerability	VCID-6tx4-wexr-fkbb

vulnerability	VCID-7ewa-w75h-qfdy

vulnerability	VCID-7hrm-jtbx-sqgm

vulnerability	VCID-7pr7-uqp1-sugt

vulnerability	VCID-7s3w-8dn6-jqh7

vulnerability	VCID-7s74-rdkp-vyaf

vulnerability	VCID-7s7e-adr6-h3dc

vulnerability	VCID-8hx4-r8bb-n7ge

vulnerability	VCID-8ky6-w2nk-9bds

vulnerability	VCID-8msu-s38a-p7e3

vulnerability	VCID-8shb-t5zp-rqbu

vulnerability	VCID-9cc9-npdc-8bac

vulnerability	VCID-9vrt-uccb-myev

vulnerability	VCID-a8gs-ervm-e3hm

vulnerability	VCID-a9b6-tenb-afdw

vulnerability	VCID-agtm-nkhp-dkdn

vulnerability	VCID-ayfe-5a7g-u7b7

vulnerability	VCID-az2w-5xhy-5fe4

vulnerability	VCID-b3cn-pjp3-4yhm

vulnerability	VCID-b4jg-dj1a-9qd5

vulnerability	VCID-b9ry-u6qy-j7cc

vulnerability	VCID-bch8-kq49-skhm

vulnerability	VCID-bera-73sm-bbh7

vulnerability	VCID-bkpz-ratd-e7ab

vulnerability	VCID-bzyh-c5tm-j7dn

vulnerability	VCID-cc8x-6es1-8kc5

vulnerability	VCID-cgwk-hn4t-n7c1

vulnerability	VCID-cqjn-3z6n-sff1

vulnerability	VCID-d2ab-j8bf-e7dx

vulnerability	VCID-d6mk-hg8h-7qbc

vulnerability	VCID-dpgz-dacm-sqg6

vulnerability	VCID-du16-f2wp-t3cw

vulnerability	VCID-dur2-pfke-h7hf

vulnerability	VCID-dx43-89w9-a7dg

vulnerability	VCID-e7zd-dn28-4bf1

vulnerability	VCID-e9zx-zy9y-2fcp

vulnerability	VCID-eahe-s41f-ckc1

vulnerability	VCID-egy6-nku7-zyap

vulnerability	VCID-evth-swm9-k3de

vulnerability	VCID-fz5y-um7w-63f4

vulnerability	VCID-fzam-yuyg-qyd5

vulnerability	VCID-fzm9-e6bg-r7aw

vulnerability	VCID-gedj-39p5-ubd6

vulnerability	VCID-gxj9-a1hc-47de

vulnerability	VCID-hbau-7tvg-cygz

vulnerability	VCID-hfbb-ax6r-tbaz

vulnerability	VCID-hh8a-mgkk-3yb5

vulnerability	VCID-j124-q39m-mkby

vulnerability	VCID-j5vp-2jrx-ukf4

vulnerability	VCID-j6ss-8f4e-e7g2

vulnerability	VCID-jhd5-tqph-3ufu

vulnerability	VCID-jr49-4fs3-8qcp

vulnerability	VCID-kezx-5nw5-hfen

vulnerability	VCID-kje4-asu6-dfg2

vulnerability	VCID-kq4m-anrt-rugn

vulnerability	VCID-kuzc-uv5b-v7an

vulnerability	VCID-kxnm-y19k-mqg2

vulnerability	VCID-m5z8-hz81-j7b7

vulnerability	VCID-m83v-51cy-uqar

vulnerability	VCID-mhvf-2keh-2qar

vulnerability	VCID-mjb6-7au8-5fdx

vulnerability	VCID-msac-ptqf-pyg1

vulnerability	VCID-mtr5-suag-2bdj

vulnerability	VCID-ns8t-vtcn-aqh4

vulnerability	VCID-p222-28c1-vfhy

vulnerability	VCID-qfw5-3tdu-x7g4

vulnerability	VCID-qgpx-hgzu-5qgp

vulnerability	VCID-qj4x-u7gx-9uf1

vulnerability	VCID-qp7s-amch-v3cd

vulnerability	VCID-qzqd-271b-ybfj

vulnerability	VCID-r4bw-w4t9-23ek

vulnerability	VCID-r7nh-arcj-8fb3

vulnerability	VCID-rbjk-3gcs-2qb5

vulnerability	VCID-rduw-apr6-4fdu

vulnerability	VCID-re84-qg3k-3ub3

vulnerability	VCID-rf6p-ct86-5bgz

vulnerability	VCID-ruru-fwmn-5kes

vulnerability	VCID-rxac-w9pd-aqe1

vulnerability	VCID-s4bp-kzfu-8qfy

vulnerability	VCID-s5e2-d6n8-kkbr

vulnerability	VCID-scg7-ugdn-53b9

vulnerability	VCID-shfz-pxan-v3ar

vulnerability	VCID-te3b-exz5-zke1

vulnerability	VCID-tvz9-8s4d-gbg6

vulnerability	VCID-txb3-ez5r-r7ek

vulnerability	VCID-ugyc-gehq-rudu

vulnerability	VCID-upcj-z3c1-ubcf

vulnerability	VCID-vu36-a1g1-nugt

vulnerability	VCID-vx13-4b1d-wbgp

vulnerability	VCID-w3zd-fezc-nuhd

vulnerability	VCID-wjfe-wh5k-1qft

vulnerability	VCID-ws6y-k3tx-r3gb

vulnerability	VCID-wvyx-2bbb-9yf7

100

vulnerability	VCID-x46d-a16g-nkg9

101

vulnerability	VCID-xfvu-2zg4-ruf6

102

vulnerability	VCID-xk5y-7a1w-zba9

103

vulnerability	VCID-xsq8-ztqh-ubb8

104

vulnerability	VCID-y1v3-9tyq-uqhd

105

vulnerability	VCID-y4r1-yr69-uuf6

106

vulnerability	VCID-y4u6-cy8y-hyae

107

vulnerability	VCID-y7x4-664r-3fbk

108

vulnerability	VCID-yuvf-e7hk-kqf9

109

vulnerability	VCID-z2v2-n138-6ydv

110

vulnerability	VCID-zdpz-8tc2-6kah

111

vulnerability	VCID-zt9b-9sjx-7qb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.5-p1

url pkg:composer/magento/community-edition@2.4.6-p1

purl pkg:composer/magento/community-edition@2.4.6-p1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jsp-392b-2fgb

vulnerability	VCID-2vsw-t8k2-4bfm

vulnerability	VCID-3g5s-hryc-5qa9

vulnerability	VCID-3zcy-b3th-ukhd

vulnerability	VCID-4dae-vty8-b7hk

vulnerability	VCID-5gxr-xksz-5ydb

vulnerability	VCID-6p6q-ctya-q3bv

vulnerability	VCID-6t9w-cnkz-s3c3

vulnerability	VCID-6tx4-wexr-fkbb

vulnerability	VCID-7hrm-jtbx-sqgm

vulnerability	VCID-7pr7-uqp1-sugt

vulnerability	VCID-7s3w-8dn6-jqh7

vulnerability	VCID-7s74-rdkp-vyaf

vulnerability	VCID-8hx4-r8bb-n7ge

vulnerability	VCID-8ky6-w2nk-9bds

vulnerability	VCID-8msu-s38a-p7e3

vulnerability	VCID-8shb-t5zp-rqbu

vulnerability	VCID-9cc9-npdc-8bac

vulnerability	VCID-9vrt-uccb-myev

vulnerability	VCID-a8gs-ervm-e3hm

vulnerability	VCID-a9b6-tenb-afdw

vulnerability	VCID-agtm-nkhp-dkdn

vulnerability	VCID-ayfe-5a7g-u7b7

vulnerability	VCID-b3cn-pjp3-4yhm

vulnerability	VCID-b4jg-dj1a-9qd5

vulnerability	VCID-b9ry-u6qy-j7cc

vulnerability	VCID-bch8-kq49-skhm

vulnerability	VCID-bera-73sm-bbh7

vulnerability	VCID-bkpz-ratd-e7ab

vulnerability	VCID-bzyh-c5tm-j7dn

vulnerability	VCID-cc8x-6es1-8kc5

vulnerability	VCID-ccx1-qacj-2qev

vulnerability	VCID-cgwk-hn4t-n7c1

vulnerability	VCID-cm2a-1yc5-v3cy

vulnerability	VCID-cqjn-3z6n-sff1

vulnerability	VCID-d6mk-hg8h-7qbc

vulnerability	VCID-dpgz-dacm-sqg6

vulnerability	VCID-du16-f2wp-t3cw

vulnerability	VCID-dur2-pfke-h7hf

vulnerability	VCID-e7zd-dn28-4bf1

vulnerability	VCID-e9zx-zy9y-2fcp

vulnerability	VCID-eahe-s41f-ckc1

vulnerability	VCID-egy6-nku7-zyap

vulnerability	VCID-evth-swm9-k3de

vulnerability	VCID-eygc-ra9u-gyej

vulnerability	VCID-fz5y-um7w-63f4

vulnerability	VCID-fzm9-e6bg-r7aw

vulnerability	VCID-gedj-39p5-ubd6

vulnerability	VCID-gxj9-a1hc-47de

vulnerability	VCID-hbau-7tvg-cygz

vulnerability	VCID-hfbb-ax6r-tbaz

vulnerability	VCID-j124-q39m-mkby

vulnerability	VCID-j5vp-2jrx-ukf4

vulnerability	VCID-j6ss-8f4e-e7g2

vulnerability	VCID-jhd5-tqph-3ufu

vulnerability	VCID-jr49-4fs3-8qcp

vulnerability	VCID-kezx-5nw5-hfen

vulnerability	VCID-kje4-asu6-dfg2

vulnerability	VCID-kq4m-anrt-rugn

vulnerability	VCID-kuzc-uv5b-v7an

vulnerability	VCID-kxnm-y19k-mqg2

vulnerability	VCID-m5z8-hz81-j7b7

vulnerability	VCID-m83v-51cy-uqar

vulnerability	VCID-md7v-w5aq-t7h1

vulnerability	VCID-mhvf-2keh-2qar

vulnerability	VCID-mjb6-7au8-5fdx

vulnerability	VCID-msac-ptqf-pyg1

vulnerability	VCID-ns8t-vtcn-aqh4

vulnerability	VCID-p222-28c1-vfhy

vulnerability	VCID-qfw5-3tdu-x7g4

vulnerability	VCID-qgpx-hgzu-5qgp

vulnerability	VCID-qj4x-u7gx-9uf1

vulnerability	VCID-qp7s-amch-v3cd

vulnerability	VCID-qzqd-271b-ybfj

vulnerability	VCID-r4bw-w4t9-23ek

vulnerability	VCID-r7nh-arcj-8fb3

vulnerability	VCID-rbjk-3gcs-2qb5

vulnerability	VCID-rduw-apr6-4fdu

vulnerability	VCID-re84-qg3k-3ub3

vulnerability	VCID-rf6p-ct86-5bgz

vulnerability	VCID-ruru-fwmn-5kes

vulnerability	VCID-rxac-w9pd-aqe1

vulnerability	VCID-s4bp-kzfu-8qfy

vulnerability	VCID-s5e2-d6n8-kkbr

vulnerability	VCID-scg7-ugdn-53b9

vulnerability	VCID-shfz-pxan-v3ar

vulnerability	VCID-tc3m-4bkg-qkcf

vulnerability	VCID-te3b-exz5-zke1

vulnerability	VCID-tvz9-8s4d-gbg6

vulnerability	VCID-txb3-ez5r-r7ek

vulnerability	VCID-tzug-ckkn-dyft

vulnerability	VCID-ugyc-gehq-rudu

vulnerability	VCID-vu36-a1g1-nugt

vulnerability	VCID-vx13-4b1d-wbgp

vulnerability	VCID-w3zd-fezc-nuhd

vulnerability	VCID-wvyx-2bbb-9yf7

vulnerability	VCID-wzu6-rbsv-mkde

vulnerability	VCID-xfvu-2zg4-ruf6

vulnerability	VCID-xk5y-7a1w-zba9

vulnerability	VCID-xsq8-ztqh-ubb8

100

vulnerability	VCID-y1v3-9tyq-uqhd

101

vulnerability	VCID-y4r1-yr69-uuf6

102

vulnerability	VCID-y4u6-cy8y-hyae

103

vulnerability	VCID-y7x4-664r-3fbk

104

vulnerability	VCID-z2v2-n138-6ydv

105

vulnerability	VCID-zdpz-8tc2-6kah

106

vulnerability	VCID-zt9b-9sjx-7qb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.6-p1

url pkg:composer/magento/community-edition@2.4.7-beta1

purl pkg:composer/magento/community-edition@2.4.7-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jsp-392b-2fgb

vulnerability	VCID-2vsw-t8k2-4bfm

vulnerability	VCID-3g5s-hryc-5qa9

vulnerability	VCID-3zcy-b3th-ukhd

vulnerability	VCID-4dae-vty8-b7hk

vulnerability	VCID-5gxr-xksz-5ydb

vulnerability	VCID-6p6q-ctya-q3bv

vulnerability	VCID-6t9w-cnkz-s3c3

vulnerability	VCID-6tx4-wexr-fkbb

vulnerability	VCID-7hrm-jtbx-sqgm

vulnerability	VCID-7pr7-uqp1-sugt

vulnerability	VCID-7s3w-8dn6-jqh7

vulnerability	VCID-7s74-rdkp-vyaf

vulnerability	VCID-8hx4-r8bb-n7ge

vulnerability	VCID-8ky6-w2nk-9bds

vulnerability	VCID-8msu-s38a-p7e3

vulnerability	VCID-8shb-t5zp-rqbu

vulnerability	VCID-9cc9-npdc-8bac

vulnerability	VCID-9vrt-uccb-myev

vulnerability	VCID-a8gs-ervm-e3hm

vulnerability	VCID-a9b6-tenb-afdw

vulnerability	VCID-agtm-nkhp-dkdn

vulnerability	VCID-b3cn-pjp3-4yhm

vulnerability	VCID-b4jg-dj1a-9qd5

vulnerability	VCID-b9ry-u6qy-j7cc

vulnerability	VCID-bch8-kq49-skhm

vulnerability	VCID-cafy-5dd8-rudj

vulnerability	VCID-cc8x-6es1-8kc5

vulnerability	VCID-ccx1-qacj-2qev

vulnerability	VCID-cm2a-1yc5-v3cy

vulnerability	VCID-cqjn-3z6n-sff1

vulnerability	VCID-d6mk-hg8h-7qbc

vulnerability	VCID-dj5a-35gt-u7dn

vulnerability	VCID-dpgz-dacm-sqg6

vulnerability	VCID-e9zx-zy9y-2fcp

vulnerability	VCID-eahe-s41f-ckc1

vulnerability	VCID-egy6-nku7-zyap

vulnerability	VCID-evth-swm9-k3de

vulnerability	VCID-eygc-ra9u-gyej

vulnerability	VCID-fz5y-um7w-63f4

vulnerability	VCID-gedj-39p5-ubd6

vulnerability	VCID-gxj9-a1hc-47de

vulnerability	VCID-hbau-7tvg-cygz

vulnerability	VCID-j6ss-8f4e-e7g2

vulnerability	VCID-jr49-4fs3-8qcp

vulnerability	VCID-kezx-5nw5-hfen

vulnerability	VCID-kje4-asu6-dfg2

vulnerability	VCID-kxnm-y19k-mqg2

vulnerability	VCID-m5z8-hz81-j7b7

vulnerability	VCID-m83v-51cy-uqar

vulnerability	VCID-md7v-w5aq-t7h1

vulnerability	VCID-mhvf-2keh-2qar

vulnerability	VCID-mjb6-7au8-5fdx

vulnerability	VCID-ns8t-vtcn-aqh4

vulnerability	VCID-qfw5-3tdu-x7g4

vulnerability	VCID-qgpx-hgzu-5qgp

vulnerability	VCID-qj4x-u7gx-9uf1

vulnerability	VCID-qp7s-amch-v3cd

vulnerability	VCID-qrwc-3gsb-zkfy

vulnerability	VCID-qzqd-271b-ybfj

vulnerability	VCID-r4bw-w4t9-23ek

vulnerability	VCID-r7nh-arcj-8fb3

vulnerability	VCID-rbjk-3gcs-2qb5

vulnerability	VCID-rduw-apr6-4fdu

vulnerability	VCID-re84-qg3k-3ub3

vulnerability	VCID-rf6p-ct86-5bgz

vulnerability	VCID-ruru-fwmn-5kes

vulnerability	VCID-rxac-w9pd-aqe1

vulnerability	VCID-s4bp-kzfu-8qfy

vulnerability	VCID-s5e2-d6n8-kkbr

vulnerability	VCID-scg7-ugdn-53b9

vulnerability	VCID-tc3m-4bkg-qkcf

vulnerability	VCID-te3b-exz5-zke1

vulnerability	VCID-th7y-aj51-mbaj

vulnerability	VCID-tvz9-8s4d-gbg6

vulnerability	VCID-txb3-ez5r-r7ek

vulnerability	VCID-tzug-ckkn-dyft

vulnerability	VCID-ugyc-gehq-rudu

vulnerability	VCID-vu36-a1g1-nugt

vulnerability	VCID-vx13-4b1d-wbgp

vulnerability	VCID-wvyx-2bbb-9yf7

vulnerability	VCID-wzu6-rbsv-mkde

vulnerability	VCID-xk5y-7a1w-zba9

vulnerability	VCID-xsq8-ztqh-ubb8

vulnerability	VCID-y1v3-9tyq-uqhd

vulnerability	VCID-y4r1-yr69-uuf6

vulnerability	VCID-y7x4-664r-3fbk

vulnerability	VCID-yyq6-dvyx-3bb9

vulnerability	VCID-z2v2-n138-6ydv

vulnerability	VCID-zdpz-8tc2-6kah

vulnerability	VCID-zt9b-9sjx-7qb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.7-beta1

url pkg:composer/magento/community-edition@2.4.8-beta1

purl pkg:composer/magento/community-edition@2.4.8-beta1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jsp-392b-2fgb

vulnerability	VCID-2vsw-t8k2-4bfm

vulnerability	VCID-3g5s-hryc-5qa9

vulnerability	VCID-6tx4-wexr-fkbb

vulnerability	VCID-7s74-rdkp-vyaf

vulnerability	VCID-8hx4-r8bb-n7ge

vulnerability	VCID-8ky6-w2nk-9bds

vulnerability	VCID-8shb-t5zp-rqbu

vulnerability	VCID-a9b6-tenb-afdw

vulnerability	VCID-b3cn-pjp3-4yhm

vulnerability	VCID-cafy-5dd8-rudj

vulnerability	VCID-ccx1-qacj-2qev

vulnerability	VCID-cm2a-1yc5-v3cy

vulnerability	VCID-d6mk-hg8h-7qbc

vulnerability	VCID-dj5a-35gt-u7dn

vulnerability	VCID-egy6-nku7-zyap

vulnerability	VCID-eygc-ra9u-gyej

vulnerability	VCID-fz5y-um7w-63f4

vulnerability	VCID-gedj-39p5-ubd6

vulnerability	VCID-hbau-7tvg-cygz

vulnerability	VCID-j6ss-8f4e-e7g2

vulnerability	VCID-jr49-4fs3-8qcp

vulnerability	VCID-mhvf-2keh-2qar

vulnerability	VCID-mjb6-7au8-5fdx

vulnerability	VCID-qp7s-amch-v3cd

vulnerability	VCID-qrwc-3gsb-zkfy

vulnerability	VCID-qzqd-271b-ybfj

vulnerability	VCID-r4bw-w4t9-23ek

vulnerability	VCID-re84-qg3k-3ub3

vulnerability	VCID-s4bp-kzfu-8qfy

vulnerability	VCID-scg7-ugdn-53b9

vulnerability	VCID-te3b-exz5-zke1

vulnerability	VCID-th7y-aj51-mbaj

vulnerability	VCID-tvz9-8s4d-gbg6

vulnerability	VCID-tzug-ckkn-dyft

vulnerability	VCID-wzu6-rbsv-mkde

vulnerability	VCID-xfvu-2zg4-ruf6

vulnerability	VCID-xsq8-ztqh-ubb8

vulnerability	VCID-y7x4-664r-3fbk

vulnerability	VCID-yyq6-dvyx-3bb9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/community-edition@2.4.8-beta1

url pkg:composer/magento/project-community-edition@2.0.2

purl pkg:composer/magento/project-community-edition@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1jsp-392b-2fgb

vulnerability	VCID-2h52-3pt6-dfcw

vulnerability	VCID-2vsw-t8k2-4bfm

vulnerability	VCID-2z3f-wtw6-yydf

vulnerability	VCID-36ve-7wxt-z7fz

vulnerability	VCID-3et4-3zad-1qfn

vulnerability	VCID-3zcy-b3th-ukhd

vulnerability	VCID-4dae-vty8-b7hk

vulnerability	VCID-525q-afzj-tkcp

vulnerability	VCID-5gxr-xksz-5ydb

vulnerability	VCID-6p6q-ctya-q3bv

vulnerability	VCID-6t9w-cnkz-s3c3

vulnerability	VCID-6tx4-wexr-fkbb

vulnerability	VCID-7hrm-jtbx-sqgm

vulnerability	VCID-7s74-rdkp-vyaf

vulnerability	VCID-7s7e-adr6-h3dc

vulnerability	VCID-8hx4-r8bb-n7ge

vulnerability	VCID-8ky6-w2nk-9bds

vulnerability	VCID-8msu-s38a-p7e3

vulnerability	VCID-8shb-t5zp-rqbu

vulnerability	VCID-9cc9-npdc-8bac

vulnerability	VCID-9vrt-uccb-myev

vulnerability	VCID-a8gs-ervm-e3hm

vulnerability	VCID-a9b6-tenb-afdw

vulnerability	VCID-agtm-nkhp-dkdn

vulnerability	VCID-az2w-5xhy-5fe4

vulnerability	VCID-b3cn-pjp3-4yhm

vulnerability	VCID-b4jg-dj1a-9qd5

vulnerability	VCID-b5hn-f1qk-z7cu

vulnerability	VCID-b9ry-u6qy-j7cc

vulnerability	VCID-cafy-5dd8-rudj

vulnerability	VCID-cc8x-6es1-8kc5

vulnerability	VCID-ccx1-qacj-2qev

vulnerability	VCID-cgwk-hn4t-n7c1

vulnerability	VCID-cm2a-1yc5-v3cy

vulnerability	VCID-cqjn-3z6n-sff1

vulnerability	VCID-d2ab-j8bf-e7dx

vulnerability	VCID-d6mk-hg8h-7qbc

vulnerability	VCID-dj5a-35gt-u7dn

vulnerability	VCID-dpgz-dacm-sqg6

vulnerability	VCID-dx43-89w9-a7dg

vulnerability	VCID-e9zx-zy9y-2fcp

vulnerability	VCID-egy6-nku7-zyap

vulnerability	VCID-eygc-ra9u-gyej

vulnerability	VCID-fz5y-um7w-63f4

vulnerability	VCID-fzam-yuyg-qyd5

vulnerability	VCID-fzm9-e6bg-r7aw

vulnerability	VCID-gedj-39p5-ubd6

vulnerability	VCID-hbau-7tvg-cygz

vulnerability	VCID-hh8a-mgkk-3yb5

vulnerability	VCID-j124-q39m-mkby

vulnerability	VCID-j5vp-2jrx-ukf4

vulnerability	VCID-j6ss-8f4e-e7g2

vulnerability	VCID-jhd5-tqph-3ufu

vulnerability	VCID-jr49-4fs3-8qcp

vulnerability	VCID-kezx-5nw5-hfen

vulnerability	VCID-kxnm-y19k-mqg2

vulnerability	VCID-m5z8-hz81-j7b7

vulnerability	VCID-m83v-51cy-uqar

vulnerability	VCID-md7v-w5aq-t7h1

vulnerability	VCID-mhvf-2keh-2qar

vulnerability	VCID-mjb6-7au8-5fdx

vulnerability	VCID-msac-ptqf-pyg1

vulnerability	VCID-mtr5-suag-2bdj

vulnerability	VCID-nn21-hf8r-ykfd

vulnerability	VCID-p222-28c1-vfhy

vulnerability	VCID-qfw5-3tdu-x7g4

vulnerability	VCID-qj4x-u7gx-9uf1

vulnerability	VCID-qp7s-amch-v3cd

vulnerability	VCID-qrwc-3gsb-zkfy

vulnerability	VCID-qzqd-271b-ybfj

vulnerability	VCID-r4bw-w4t9-23ek

vulnerability	VCID-r7nh-arcj-8fb3

vulnerability	VCID-rbjk-3gcs-2qb5

vulnerability	VCID-re84-qg3k-3ub3

vulnerability	VCID-rf6p-ct86-5bgz

vulnerability	VCID-ruru-fwmn-5kes

vulnerability	VCID-s4bp-kzfu-8qfy

vulnerability	VCID-s5e2-d6n8-kkbr

vulnerability	VCID-scg7-ugdn-53b9

vulnerability	VCID-tc3m-4bkg-qkcf

vulnerability	VCID-te3b-exz5-zke1

vulnerability	VCID-th7y-aj51-mbaj

vulnerability	VCID-tvz9-8s4d-gbg6

vulnerability	VCID-tzug-ckkn-dyft

vulnerability	VCID-upcj-z3c1-ubcf

vulnerability	VCID-w3zd-fezc-nuhd

vulnerability	VCID-wjfe-wh5k-1qft

vulnerability	VCID-ws6y-k3tx-r3gb

vulnerability	VCID-wzu6-rbsv-mkde

vulnerability	VCID-x46d-a16g-nkg9

vulnerability	VCID-xsq8-ztqh-ubb8

vulnerability	VCID-y4r1-yr69-uuf6

vulnerability	VCID-y7x4-664r-3fbk

vulnerability	VCID-y93w-2qcc-wqg8

vulnerability	VCID-yuvf-e7hk-kqf9

vulnerability	VCID-yyq6-dvyx-3bb9

vulnerability	VCID-zt9b-9sjx-7qb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/magento/project-community-edition@2.0.2

References

reference_url

https://github.com/magento/magento2

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/magento/magento2

reference_url

https://helpx.adobe.com/security/products/magento/apsb25-08.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://helpx.adobe.com/security/products/magento/apsb25-08.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-24434

reference_id

CVE-2025-24434

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-24434

reference_url	https://github.com/advisories/GHSA-fppq-f2m6-xv5c
reference_id	GHSA-fppq-f2m6-xv5c
reference_type
scores
url	https://github.com/advisories/GHSA-fppq-f2m6-xv5c

Weaknesses

cwe_id	285
name	Improper Authorization
description	The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

cwe_id	863
name	Incorrect Authorization
description	The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 9.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jr49-4fs3-8qcp

Vulnerability Instance