CVE-2025-27189
MEDIUMAdobe Commerce < 2.4.8-beta2 - Cross-Site Request Forgery
Title source: llmDescription
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website.
References (1)
Core 1
Core References
Patch, Release Notes, Vendor Advisory vendor-advisory
https://helpx.adobe.com/security/products/magento/apsb25-26.html
Scores
CVSS v3
4.3
EPSS
0.0047
EPSS Percentile
64.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (7)
adobe/commerce_b2b
1.3.3 (4 CPE variants)
adobe/commerce_b2b
1.3.4 (4 CPE variants)
adobe/commerce_b2b
1.3.5 (4 CPE variants)
adobe/commerce_b2b
1.4.2 (5 CPE variants)
adobe/commerce_b2b
1.5.0
adobe/commerce_b2b
1.5.1
adobe/commerce_b2b
< 1.3.3
Published
Apr 08, 2025
Tracked Since
Feb 18, 2026