CVE-2025-61924

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-61924

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61924.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-61924

Aliases

GHSA-wvpg-4wrh-5889

Published

2025-10-16T17:33:49.254Z

Modified

2026-04-10T05:33:52.160960Z

Severity

3.8 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

PrestaShop Checkout Target PayPal merchant account hijacking from backoffice

Details

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP array_search(). The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/61xxx/CVE-2025-61924.json",
    "cwe_ids": [
        "CWE-184"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/prestashopcorp/ps_checkout

Affected ranges

Type: GIT
Repo: https://github.com/prestashopcorp/ps_checkout
Events: Introduced

e5848ad90725de301e16cfb3440a40769e85fef3

Fixed

3f35535033d8a2118f456158a41129c695f25663

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-61924.json"