Skip to content

Commit 5e2b7fd

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-r355-75hw-r8jf GHSA-r355-75hw-r8jf
1 parent a5fad8f commit 5e2b7fd

File tree

2 files changed

+164
-36
lines changed

2 files changed

+164
-36
lines changed

advisories/github-reviewed/2025/10/GHSA-r355-75hw-r8jf/GHSA-r355-75hw-r8jf.json

Lines changed: 164 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,164 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-r355-75hw-r8jf",
4+
"modified": "2025-10-20T21:05:53Z",
5+
"published": "2025-10-14T21:30:48Z",
6+
"aliases": [
7+
"CVE-2025-54265"
8+
],
9+
"summary": "Magento allows incorrect authorization",
10+
"details": "Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Packagist",
21+
"name": "magento/community-edition"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "2.4.9-alpha1"
29+
},
30+
{
31+
"fixed": "2.4.9-alpha3"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Packagist",
40+
"name": "magento/community-edition"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "2.4.8-beta1"
48+
},
49+
{
50+
"fixed": "2.4.8-p3"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "Packagist",
59+
"name": "magento/community-edition"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "2.4.7-beta1"
67+
},
68+
{
69+
"fixed": "2.4.7-p8"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "Packagist",
78+
"name": "magento/community-edition"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "0"
86+
},
87+
{
88+
"fixed": "2.4.6-p13"
89+
}
90+
]
91+
}
92+
]
93+
},
94+
{
95+
"package": {
96+
"ecosystem": "Packagist",
97+
"name": "magento/community-edition"
98+
},
99+
"versions": [
100+
"2.4.8"
101+
]
102+
},
103+
{
104+
"package": {
105+
"ecosystem": "Packagist",
106+
"name": "magento/community-edition"
107+
},
108+
"versions": [
109+
"2.4.7"
110+
]
111+
},
112+
{
113+
"package": {
114+
"ecosystem": "Packagist",
115+
"name": "magento/community-edition"
116+
},
117+
"versions": [
118+
"2.4.6"
119+
]
120+
},
121+
{
122+
"package": {
123+
"ecosystem": "Packagist",
124+
"name": "magento/project-community-edition"
125+
},
126+
"ranges": [
127+
{
128+
"type": "ECOSYSTEM",
129+
"events": [
130+
{
131+
"introduced": "0"
132+
},
133+
{
134+
"last_affected": "2.0.2"
135+
}
136+
]
137+
}
138+
]
139+
}
140+
],
141+
"references": [
142+
{
143+
"type": "ADVISORY",
144+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54265"
145+
},
146+
{
147+
"type": "PACKAGE",
148+
"url": "https://github.com/magento/magento2"
149+
},
150+
{
151+
"type": "WEB",
152+
"url": "https://helpx.adobe.com/security/products/magento/apsb25-94.html"
153+
}
154+
],
155+
"database_specific": {
156+
"cwe_ids": [
157+
"CWE-863"
158+
],
159+
"severity": "MODERATE",
160+
"github_reviewed": true,
161+
"github_reviewed_at": "2025-10-20T21:05:53Z",
162+
"nvd_published_at": "2025-10-14T21:15:35Z"
163+
}
164+
}

advisories/unreviewed/2025/10/GHSA-r355-75hw-r8jf/GHSA-r355-75hw-r8jf.json

Lines changed: 0 additions & 36 deletions
This file was deleted.

0 commit comments

Comments
 (0)