CVE-2025-58442
- Source
- https://cve.org/CVERecord?id=CVE-2025-58442
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58442.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-58442
- Aliases
-
- GHSA-8w67-mfm5-fwx5
- Published
- 2025-09-09T19:46:45.798Z
- Modified
- 2026-04-10T05:32:56.343934Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Saleor has user enumeration vulnerability due to different error messages
- Details
-
Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of
accountRegistermay result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the issue. As a workaround, rate-limit the mutation to reduce the impact. - Database specific
{ "cwe_ids": [ "CWE-204" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58442.json" }- References
-
- https://github.com/saleor/saleor/releases/tag/3.21.16
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58442.json
- https://github.com/saleor/saleor/security/advisories/GHSA-8w67-mfm5-fwx5
- https://nvd.nist.gov/vuln/detail/CVE-2025-58442
- https://github.com/saleor/saleor/commit/09d671e91ea53a44352d5f685083dc05a2f55e95
- https://github.com/saleor/saleor/commit/b35783838e51cfc118e07d632f64b01bc3a2c4bb
Affected packages
Git / github.com/saleor/saleor
Affected ranges
- Type
- GIT
- Repo
- https://github.com/saleor/saleor
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/saleor/saleor
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/saleor/saleor
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0.0
2.1.0
2.10.0
2.10.0-rc.1
2.10.0-rc.2
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0
3.*
3.0.0-a.0
3.11.0-a.0
3.12.0-a.0
3.13.0-a.0
3.14.67
3.14.84
3.15.0-a.0
3.15.41
3.16.0-a.0
3.16.42
3.17.0-a.0
3.17.69
3.18.0-a.0
3.19.0-a.0
3.2.0
3.21.0
3.21.0-a.0
3.21.0-a.4
3.21.0-a.5
3.21.0-a.6
3.21.1
3.21.10
3.21.11
3.21.12
3.21.13
3.21.14
3.21.15
3.21.2
3.21.3
3.21.4
3.21.5
3.21.6
3.21.7
3.21.8
3.21.9
v2016.*
v2016.07.0
v2017.*
v2017.02.0
v2017.02.1
v2017.03.0
v2017.03.1
v2017.03.2
v2017.03.3
v2017.03.4
v2017.07.0
v2017.09
v2017.10
v2017.11
v2017.12
v2017.12.1
v2018.*
v2018.01
v2018.02
v2018.03
v2018.04
v2018.05
v2018.06
v2018.08
v2018.09