CVE-2025-27189

{"id": "CVE-2025-27189", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@adobe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-04-08T21:15:50.567", "references": [{"url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website."}, {"lang": "es", "value": "Las versiones 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 y anteriores de Adobe Commerce se ven afectadas por una vulnerabilidad de Cross-Site Request Forgery (CSRF) que podr\u00eda explotarse para provocar una denegaci\u00f3n de servicio. Un atacante podr\u00eda enga\u00f1ar a un usuario conectado para que env\u00ede una solicitud falsificada a la aplicaci\u00f3n vulnerable, lo que podr\u00eda interrumpir la disponibilidad del servicio. Para explotar este problema, se requiere la interacci\u00f3n del usuario, generalmente haciendo clic en un enlace malicioso o visitando un sitio web controlado por el atacante."}], "lastModified": "2025-04-30T14:59:09.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:commerce_b2b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28120C2E-10AD-4476-B6C3-BE3A43946068", "versionEndExcluding": "1.3.3"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6DF9B16-DF4F-4EFC-8747-2CEEA71477DB"}, {"criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7671E11-AC9A-47CA-9FE5-C7DEEA708468"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}