Vulnerability Details CVE-2025-7954
A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.7%
CVSS Severity
CVSS v3 Score 8.1
References
Products affected by CVE-2025-7954
-
cpe:2.3:a:shopware:shopware:6.6.0.0
-
cpe:2.3:a:shopware:shopware:6.6.0.1
-
cpe:2.3:a:shopware:shopware:6.6.0.2
-
cpe:2.3:a:shopware:shopware:6.6.0.3
-
cpe:2.3:a:shopware:shopware:6.6.1.0
-
cpe:2.3:a:shopware:shopware:6.6.1.1
-
cpe:2.3:a:shopware:shopware:6.6.1.2
-
cpe:2.3:a:shopware:shopware:6.6.10.0
-
cpe:2.3:a:shopware:shopware:6.6.10.1
-
cpe:2.3:a:shopware:shopware:6.6.10.2
-
cpe:2.3:a:shopware:shopware:6.6.10.3
-
cpe:2.3:a:shopware:shopware:6.6.10.4
-
cpe:2.3:a:shopware:shopware:6.6.10.5
-
cpe:2.3:a:shopware:shopware:6.6.10.6
-
cpe:2.3:a:shopware:shopware:6.6.2.0
-
cpe:2.3:a:shopware:shopware:6.6.3.0
-
cpe:2.3:a:shopware:shopware:6.6.3.1
-
cpe:2.3:a:shopware:shopware:6.6.4.0
-
cpe:2.3:a:shopware:shopware:6.6.4.1
-
cpe:2.3:a:shopware:shopware:6.6.5.0
-
cpe:2.3:a:shopware:shopware:6.6.5.1
-
cpe:2.3:a:shopware:shopware:6.6.6.0
-
cpe:2.3:a:shopware:shopware:6.6.6.1
-
cpe:2.3:a:shopware:shopware:6.6.7.0
-
cpe:2.3:a:shopware:shopware:6.6.7.1
-
cpe:2.3:a:shopware:shopware:6.6.8.0
-
cpe:2.3:a:shopware:shopware:6.6.8.1
-
cpe:2.3:a:shopware:shopware:6.6.8.2
-
cpe:2.3:a:shopware:shopware:6.6.9.0
-
cpe:2.3:a:shopware:shopware:6.7.0.0
-
cpe:2.3:a:shopware:shopware:6.7.0.1
-
cpe:2.3:a:shopware:shopware:6.7.1.0
-
cpe:2.3:a:shopware:shopware:6.7.1.1
-
cpe:2.3:a:shopware:shopware:6.7.1.2