CVE Vulnerabilities

CVE-2025-27192

Insufficiently Protected Credentials

Published: Apr 08, 2025 | Modified: May 20, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name Vendor Start Version End Version
Commerce Adobe * 2.4.4 (excluding)
Commerce Adobe 2.4.4 (including) 2.4.4 (including)
Commerce Adobe 2.4.4-p1 (including) 2.4.4-p1 (including)
Commerce Adobe 2.4.4-p10 (including) 2.4.4-p10 (including)
Commerce Adobe 2.4.4-p11 (including) 2.4.4-p11 (including)
Commerce Adobe 2.4.4-p12 (including) 2.4.4-p12 (including)
Commerce Adobe 2.4.4-p2 (including) 2.4.4-p2 (including)
Commerce Adobe 2.4.4-p3 (including) 2.4.4-p3 (including)
Commerce Adobe 2.4.4-p4 (including) 2.4.4-p4 (including)
Commerce Adobe 2.4.4-p5 (including) 2.4.4-p5 (including)
Commerce Adobe 2.4.4-p6 (including) 2.4.4-p6 (including)
Commerce Adobe 2.4.4-p7 (including) 2.4.4-p7 (including)
Commerce Adobe 2.4.4-p8 (including) 2.4.4-p8 (including)
Commerce Adobe 2.4.4-p9 (including) 2.4.4-p9 (including)
Commerce Adobe 2.4.5 (including) 2.4.5 (including)
Commerce Adobe 2.4.5-p1 (including) 2.4.5-p1 (including)
Commerce Adobe 2.4.5-p10 (including) 2.4.5-p10 (including)
Commerce Adobe 2.4.5-p11 (including) 2.4.5-p11 (including)
Commerce Adobe 2.4.5-p2 (including) 2.4.5-p2 (including)
Commerce Adobe 2.4.5-p3 (including) 2.4.5-p3 (including)
Commerce Adobe 2.4.5-p4 (including) 2.4.5-p4 (including)
Commerce Adobe 2.4.5-p5 (including) 2.4.5-p5 (including)
Commerce Adobe 2.4.5-p6 (including) 2.4.5-p6 (including)
Commerce Adobe 2.4.5-p7 (including) 2.4.5-p7 (including)
Commerce Adobe 2.4.5-p8 (including) 2.4.5-p8 (including)
Commerce Adobe 2.4.5-p9 (including) 2.4.5-p9 (including)
Commerce Adobe 2.4.6 (including) 2.4.6 (including)
Commerce Adobe 2.4.6-p1 (including) 2.4.6-p1 (including)
Commerce Adobe 2.4.6-p2 (including) 2.4.6-p2 (including)
Commerce Adobe 2.4.6-p3 (including) 2.4.6-p3 (including)
Commerce Adobe 2.4.6-p4 (including) 2.4.6-p4 (including)
Commerce Adobe 2.4.6-p5 (including) 2.4.6-p5 (including)
Commerce Adobe 2.4.6-p6 (including) 2.4.6-p6 (including)
Commerce Adobe 2.4.6-p7 (including) 2.4.6-p7 (including)
Commerce Adobe 2.4.6-p8 (including) 2.4.6-p8 (including)
Commerce Adobe 2.4.6-p9 (including) 2.4.6-p9 (including)
Commerce Adobe 2.4.7 (including) 2.4.7 (including)
Commerce Adobe 2.4.7-b1 (including) 2.4.7-b1 (including)
Commerce Adobe 2.4.7-b2 (including) 2.4.7-b2 (including)
Commerce Adobe 2.4.7-beta3 (including) 2.4.7-beta3 (including)
Commerce Adobe 2.4.7-p1 (including) 2.4.7-p1 (including)
Commerce Adobe 2.4.7-p2 (including) 2.4.7-p2 (including)
Commerce Adobe 2.4.7-p3 (including) 2.4.7-p3 (including)
Commerce Adobe 2.4.7-p4 (including) 2.4.7-p4 (including)
Commerce Adobe 2.4.8-beta2 (including) 2.4.8-beta2 (including)

Potential Mitigations

References