CVE-2025-61922

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-61922

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61922.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-61922

Aliases

GHSA-54hq-mf6h-48xh

Published

2025-10-16T17:26:14.999Z

Modified

2026-04-10T05:33:52.159621Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

PrestaShop Checkout allows customer account takeover via email

Details

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61922.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-287"
    ]
}

References

Affected packages

Git / github.com/prestashopcorp/ps_checkout

Affected ranges

Type: GIT
Repo: https://github.com/prestashopcorp/ps_checkout
Events: Introduced

e5848ad90725de301e16cfb3440a40769e85fef3

Fixed

3f35535033d8a2118f456158a41129c695f25663

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61922.json"