1+ {
2+ "schema_version" : " 1.4.0"
3+ "id" : " GHSA-xgfm-992v-h2hr"
4+ "modified" : " 2025-10-21T21:27:49Z"
5+ "published" : " 2025-08-12T18:31:30Z"
6+ "aliases" : [
7+ " CVE-2025-49554"
8+ ],
9+ "summary" : " Magento vulnerable to denial of service"
10+ "details" : " Magento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction."
11+ "severity" : [
12+ {
13+ "type" : " CVSS_V3"
14+ "score" : " CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
15+ }
16+ ],
17+ "affected" : [
18+ {
19+ "package" : {
20+ "ecosystem" : " Packagist"
21+ "name" : " magento/project-community-edition"
22+ },
23+ "ranges" : [
24+ {
25+ "type" : " ECOSYSTEM"
26+ "events" : [
27+ {
28+ "introduced" : " 0"
29+ },
30+ {
31+ "last_affected" : " 2.0.2"
32+ }
33+ ]
34+ }
35+ ]
36+ },
37+ {
38+ "package" : {
39+ "ecosystem" : " Packagist"
40+ "name" : " magento/community-edition"
41+ },
42+ "ranges" : [
43+ {
44+ "type" : " ECOSYSTEM"
45+ "events" : [
46+ {
47+ "introduced" : " 2.4.9-alpha1"
48+ },
49+ {
50+ "fixed" : " 2.4.9-alpha2"
51+ }
52+ ]
53+ }
54+ ]
55+ },
56+ {
57+ "package" : {
58+ "ecosystem" : " Packagist"
59+ "name" : " magento/community-edition"
60+ },
61+ "ranges" : [
62+ {
63+ "type" : " ECOSYSTEM"
64+ "events" : [
65+ {
66+ "introduced" : " 2.4.8-beta1"
67+ },
68+ {
69+ "fixed" : " 2.4.8-p2"
70+ }
71+ ]
72+ }
73+ ]
74+ },
75+ {
76+ "package" : {
77+ "ecosystem" : " Packagist"
78+ "name" : " magento/community-edition"
79+ },
80+ "ranges" : [
81+ {
82+ "type" : " ECOSYSTEM"
83+ "events" : [
84+ {
85+ "introduced" : " 2.4.7-beta1"
86+ },
87+ {
88+ "fixed" : " 2.4.7-p7"
89+ }
90+ ]
91+ }
92+ ]
93+ },
94+ {
95+ "package" : {
96+ "ecosystem" : " Packagist"
97+ "name" : " magento/community-edition"
98+ },
99+ "ranges" : [
100+ {
101+ "type" : " ECOSYSTEM"
102+ "events" : [
103+ {
104+ "introduced" : " 2.4.6-p1"
105+ },
106+ {
107+ "fixed" : " 2.4.6-p12"
108+ }
109+ ]
110+ }
111+ ]
112+ },
113+ {
114+ "package" : {
115+ "ecosystem" : " Packagist"
116+ "name" : " magento/community-edition"
117+ },
118+ "ranges" : [
119+ {
120+ "type" : " ECOSYSTEM"
121+ "events" : [
122+ {
123+ "introduced" : " 0"
124+ },
125+ {
126+ "fixed" : " 2.4.5-p14"
127+ }
128+ ]
129+ }
130+ ]
131+ },
132+ {
133+ "package" : {
134+ "ecosystem" : " Packagist"
135+ "name" : " magento/community-edition"
136+ },
137+ "versions" : [
138+ " 2.4.5"
139+ ]
140+ },
141+ {
142+ "package" : {
143+ "ecosystem" : " Packagist"
144+ "name" : " magento/community-edition"
145+ },
146+ "versions" : [
147+ " 2.4.6"
148+ ]
149+ },
150+ {
151+ "package" : {
152+ "ecosystem" : " Packagist"
153+ "name" : " magento/community-edition"
154+ },
155+ "versions" : [
156+ " 2.4.7"
157+ ]
158+ },
159+ {
160+ "package" : {
161+ "ecosystem" : " Packagist"
162+ "name" : " magento/community-edition"
163+ },
164+ "versions" : [
165+ " 2.4.8"
166+ ]
167+ }
168+ ],
169+ "references" : [
170+ {
171+ "type" : " ADVISORY"
172+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2025-49554"
173+ },
174+ {
175+ "type" : " PACKAGE"
176+ "url" : " https://github.com/magento/magento2"
177+ },
178+ {
179+ "type" : " WEB"
180+ "url" : " https://helpx.adobe.com/security/products/magento/apsb25-71.html"
181+ }
182+ ],
183+ "database_specific" : {
184+ "cwe_ids" : [
185+ " CWE-20"
186+ ],
187+ "severity" : " HIGH"
188+ "github_reviewed" : true ,
189+ "github_reviewed_at" : " 2025-10-21T21:27:49Z"
190+ "nvd_published_at" : " 2025-08-12T18:15:28Z"
191+ }
192+ }
![advisory-database[bot]](https://avatars.githubusercontent.com/in/21409?v=4&size=40){kind=avatar}
0 commit comments