Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Adobe | Adobe Commerce | affected |
|
Configuration 1 [-]
|
No data.
| Vendor | Product | Confidence | Versions |
|---|---|---|---|
| Adobe | Adobe Commerce | — | — |
| Adobe | Commerce | — | — |
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2025-17707 | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. |
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Fri, 11 Jul 2025 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Adobe
Adobe commerce B2b |
|
| CPEs | cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:* cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:* |
|
| Vendors & Products |
Adobe
Adobe commerce B2b |
Tue, 10 Jun 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 10 Jun 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. | |
| Title | Adobe Commerce | Improper Access Control (CWE-284) | |
| Weaknesses | CWE-284 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published:
Updated: 2026-02-26T17:51:03.095Z
Reserved: 2025-02-19T22:28:19.025Z
Link: CVE-2025-27207
Vulnrichment
Updated: 2025-06-10T16:25:04.785Z
NVD
Status : Analyzed
Published: 2025-06-10T16:15:36.433
Modified: 2025-07-11T16:42:26.887
Link: CVE-2025-27207
Redhat
No data.
OpenCVE Enrichment
Updated: 2025-06-24T09:51:39Z