Skip to content

Commit 02c8ff2

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-qvwr-p3hj-j6jf GHSA-qvwr-p3hj-j6jf
1 parent 5804758 commit 02c8ff2

File tree

2 files changed

+164
-36
lines changed

2 files changed

+164
-36
lines changed

advisories/github-reviewed/2025/10/GHSA-qvwr-p3hj-j6jf/GHSA-qvwr-p3hj-j6jf.json

Lines changed: 164 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,164 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-qvwr-p3hj-j6jf",
4+
"modified": "2025-10-21T20:49:43Z",
5+
"published": "2025-10-14T21:30:48Z",
6+
"aliases": [
7+
"CVE-2025-54267"
8+
],
9+
"summary": "Magento vulnerable to privilege escalation due to incorrect authorization",
10+
"details": "Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that increase integrity impact to high. Exploitation of this issue does not require user interaction.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Packagist",
21+
"name": "magento/project-community-edition"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"last_affected": "2.0.2"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Packagist",
40+
"name": "magento/community-edition"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "2.4.9-alpha1"
48+
},
49+
{
50+
"fixed": "2.4.9-alpha3"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "Packagist",
59+
"name": "magento/community-edition"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "2.4.8-beta1"
67+
},
68+
{
69+
"fixed": "2.4.8-p3"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "Packagist",
78+
"name": "magento/community-edition"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "2.4.7-beta1"
86+
},
87+
{
88+
"fixed": "2.4.7-p8"
89+
}
90+
]
91+
}
92+
]
93+
},
94+
{
95+
"package": {
96+
"ecosystem": "Packagist",
97+
"name": "magento/community-edition"
98+
},
99+
"ranges": [
100+
{
101+
"type": "ECOSYSTEM",
102+
"events": [
103+
{
104+
"introduced": "0"
105+
},
106+
{
107+
"fixed": "2.4.6-p13"
108+
}
109+
]
110+
}
111+
]
112+
},
113+
{
114+
"package": {
115+
"ecosystem": "Packagist",
116+
"name": "magento/community-edition"
117+
},
118+
"versions": [
119+
"2.4.8"
120+
]
121+
},
122+
{
123+
"package": {
124+
"ecosystem": "Packagist",
125+
"name": "magento/community-edition"
126+
},
127+
"versions": [
128+
"2.4.7"
129+
]
130+
},
131+
{
132+
"package": {
133+
"ecosystem": "Packagist",
134+
"name": "magento/community-edition"
135+
},
136+
"versions": [
137+
"2.4.6"
138+
]
139+
}
140+
],
141+
"references": [
142+
{
143+
"type": "ADVISORY",
144+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54267"
145+
},
146+
{
147+
"type": "PACKAGE",
148+
"url": "https://github.com/magento/magento2"
149+
},
150+
{
151+
"type": "WEB",
152+
"url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html"
153+
}
154+
],
155+
"database_specific": {
156+
"cwe_ids": [
157+
"CWE-863"
158+
],
159+
"severity": "MODERATE",
160+
"github_reviewed": true,
161+
"github_reviewed_at": "2025-10-21T20:49:43Z",
162+
"nvd_published_at": "2025-10-14T21:15:35Z"
163+
}
164+
}

advisories/unreviewed/2025/10/GHSA-qvwr-p3hj-j6jf/GHSA-qvwr-p3hj-j6jf.json

Lines changed: 0 additions & 36 deletions
This file was deleted.

0 commit comments

Comments
 (0)