CVE-2025-61923

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-61923

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61923.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-61923

Aliases

GHSA-fpxp-pfqm-x54w

Published

2025-10-16T17:31:07.064Z

Modified

2026-04-10T05:33:52.157488Z

Severity

4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Summary

PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure

Details

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61923.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ]
}

References

Affected packages

Git / github.com/prestashopcorp/ps_checkout

Affected ranges

Type: GIT
Repo: https://github.com/prestashopcorp/ps_checkout
Events: Introduced

e5848ad90725de301e16cfb3440a40769e85fef3

Fixed

3f35535033d8a2118f456158a41129c695f25663

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61923.json"