GHSA-69x9-xp2j-w8g8 · Severity: high · Ecosystem: composer — Magento provides incorrect authorization through a security feature bypass
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.
Conclusion & alert: CVE-2025-54263 is rated Low Risk (38.5/100): CVSS High severity, with low exploitation likelihood (EPSS 0.06%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-10-15 | — | 0.06% | — |
Full EPSS history (1 record total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.1 | 3.1 | HIGH |
|
2.8 | 5.2 | [email protected] |
GHSA-69x9-xp2j-w8g8 · Severity: high · Ecosystem: composer — Magento provides incorrect authorization through a security feature bypass
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:* |
| adobe | commerce | 2.4.4 | cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:* |
| adobe | commerce | 2.4.5 | cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:* |
| adobe | commerce | 2.4.6 | cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:* |
| adobe | commerce | 2.4.7 | cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:* |
| adobe | commerce | 2.4.7 | cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:* |
| adobe | commerce | 2.4.7 | cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:* |
| adobe | commerce | 2.4.7 | cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:* |
| adobe | commerce | 2.4.7 | cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:* |
| adobe | commerce | 2.4.7 | cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:* |
| adobe | commerce | 2.4.7 | cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:* |
| adobe | commerce | 2.4.7 | cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:* |
| adobe | commerce | 2.4.7 | cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:* |
| adobe | commerce | 2.4.7 | cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:* |
| adobe | commerce | 2.4.7 | cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:* |
| adobe | commerce | 2.4.8 | cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:* |
| adobe | commerce | 2.4.8 | cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:* |
| adobe | commerce | 2.4.8 | cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:* |
| adobe | commerce | 2.4.8 | cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:* |
| adobe | commerce | 2.4.8 | cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:* |
| adobe | commerce | 2.4.9 | cpe:2.3:a:adobe:commerce:2.4.9:alpha1:*:*:*:*:*:* |
| adobe | commerce | 2.4.9 | cpe:2.3:a:adobe:commerce:2.4.9:alpha2:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.3 | cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.4 | cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:* |
| adobe | commerce_b2b | 1.3.4 | cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/magento/apsb25-94.html | Vendor Advisory |