Vulnerability Details CVE-2025-49554
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.6%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-49554
-
cpe:2.3:a:adobe:commerce:2.3.7
-
cpe:2.3:a:adobe:commerce:2.4.0
-
cpe:2.3:a:adobe:commerce:2.4.1
-
cpe:2.3:a:adobe:commerce:2.4.2
-
cpe:2.3:a:adobe:commerce:2.4.3
-
cpe:2.3:a:adobe:commerce:2.4.4
-
cpe:2.3:a:adobe:commerce:2.4.5
-
cpe:2.3:a:adobe:commerce:2.4.6
-
cpe:2.3:a:adobe:commerce:2.4.7
-
cpe:2.3:a:adobe:commerce:2.4.8
-
cpe:2.3:a:adobe:commerce_b2b:1.2.0
-
cpe:2.3:a:adobe:commerce_b2b:1.3.3
-
cpe:2.3:a:adobe:commerce_b2b:1.3.4
-
cpe:2.3:a:adobe:commerce_b2b:1.3.5
-
cpe:2.3:a:adobe:commerce_b2b:1.4.2
-
cpe:2.3:a:adobe:commerce_b2b:1.5.2
-
cpe:2.3:a:adobe:commerce_b2b:1.5.3
-
cpe:2.3:a:adobe:magento:2.4.4
-
cpe:2.3:a:adobe:magento:2.4.5
-
cpe:2.3:a:adobe:magento:2.4.6
-
cpe:2.3:a:adobe:magento:2.4.7
-
cpe:2.3:a:adobe:magento:2.4.8
-
cpe:2.3:a:adobe:magento:2.4.9