GHSA-r487-9vv5-75gg

Source

https://github.com/advisories/GHSA-r487-9vv5-75gg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r487-9vv5-75gg/GHSA-r487-9vv5-75gg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r487-9vv5-75gg

Aliases

CVE-2025-43585

Published

2025-06-10T18:32:26Z

Modified

2025-10-22T21:57:42.448493Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CVSS Calculator

Summary

Magento Improper Authorization leading to security feature bypass

Details

Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction.

Database specific

{
    "cwe_ids": [
        "CWE-285"
    ],
    "github_reviewed_at": "2025-10-22T21:29:21Z",
    "nvd_published_at": "2025-06-10T16:15:40Z",
    "severity": "HIGH",
    "github_reviewed": true
}

References

Affected packages

Packagist

magento/project-community-edition

Package

Name: magento/project-community-edition
Purl: pkg:composer/magento/project-community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.0.2

Affected versions

0.*

0.1.0-alpha89

0.1.0-alpha90

0.1.0-alpha91

0.1.0-alpha92

0.1.0-alpha93

0.1.0-alpha94

0.1.0-alpha95

0.1.0-alpha96

0.1.0-alpha97

0.1.0-alpha98

0.1.0-alpha99

0.1.0-alpha100

0.1.0-alpha101

0.1.0-alpha102

0.1.0-alpha103

0.1.0-alpha104

0.1.0-alpha105

0.1.0-alpha106

0.1.0-alpha107

0.1.0-alpha108

0.42.0-beta1

0.42.0-beta2

0.42.0-beta3

0.42.0-beta4

0.42.0-beta5

0.42.0-beta6

0.42.0-beta7

0.42.0-beta8

0.42.0-beta9

0.42.0-beta10

0.42.0-beta11

0.74.0-beta1

0.74.0-beta2

0.74.0-beta3

0.74.0-beta4

0.74.0-beta5

0.74.0-beta6

0.74.0-beta7

0.74.0-beta8

0.74.0-beta9

0.74.0-beta10

0.74.0-beta11

0.74.0-beta12

0.74.0-beta13

0.74.0-beta14

0.74.0-beta15

0.74.0-beta16

1.*

1.0.0-beta

2.*

2.0.0-rc

2.0.0-rc2

2.0.0

2.0.1

2.0.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r487-9vv5-75gg/GHSA-r487-9vv5-75gg.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.7-beta1

Fixed

2.4.7-p6

Affected versions

2.*

2.4.7-beta1

2.4.7-beta2

2.4.7-beta3

2.4.7

2.4.7-p1

2.4.7-p2

2.4.7-p3

2.4.7-p4

2.4.7-p5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r487-9vv5-75gg/GHSA-r487-9vv5-75gg.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.6-p1

Fixed

2.4.6-p11

Affected versions

2.*

2.4.6-p1

2.4.6-p2

2.4.6-p3

2.4.6-p4

2.4.6-p5

2.4.6-p6

2.4.6-p7

2.4.6-p8

2.4.6-p9

2.4.6-p10

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r487-9vv5-75gg/GHSA-r487-9vv5-75gg.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.5-p13

Affected versions

0.*

0.1.0-alpha89

0.1.0-alpha90

0.1.0-alpha91

0.1.0-alpha92

0.1.0-alpha93

0.1.0-alpha94

0.1.0-alpha95

0.1.0-alpha96

0.1.0-alpha97

0.1.0-alpha98

0.1.0-alpha99

0.1.0-alpha100

0.1.0-alpha101

0.1.0-alpha102

0.1.0-alpha103

0.1.0-alpha104

0.1.0-alpha105

0.1.0-alpha106

0.1.0-alpha107

0.1.0-alpha108

0.42.0-beta1

0.42.0-beta2

0.42.0-beta3

0.42.0-beta4

0.42.0-beta5

0.42.0-beta6

0.42.0-beta7

0.42.0-beta8

0.42.0-beta9

0.42.0-beta10

0.42.0-beta11

0.74.0-beta1

0.74.0-beta2

0.74.0-beta3

0.74.0-beta4

0.74.0-beta5

0.74.0-beta6

0.74.0-beta7

0.74.0-beta8

0.74.0-beta9

0.74.0-beta10

0.74.0-beta11

0.74.0-beta12

0.74.0-beta13

0.74.0-beta14

0.74.0-beta15

0.74.0-beta16

1.*

1.0.0-beta

1.0.0-beta2

1.0.0-beta3

1.0.0-beta4

1.0.0-beta5

1.0.0-beta6

2.*

2.0.0-rc

2.0.0-rc2

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.1.0-rc1

2.1.0-rc2

2.1.0-rc3

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.2.11

2.3.0

2.3.1

2.3.2

2.3.2-p2

2.3.3

2.3.3-p1

2.3.4

2.3.4-p2

2.3.5

2.3.5-p1

2.3.5-p2

2.3.6

2.3.6-p1

2.3.7

2.3.7-p1

2.3.7-p2

2.3.7-p3

2.3.7-p4

2.4.0

2.4.0-p1

2.4.1

2.4.1-p1

2.4.2

2.4.2-p1

2.4.2-p2

2.4.3

2.4.3-p1

2.4.3-p2

2.4.3-p3

2.4.4

2.4.4-p1

2.4.4-p2

2.4.4-p3

2.4.4-p4

2.4.4-p5

2.4.4-p6

2.4.4-p7

2.4.4-p8

2.4.4-p9

2.4.4-p10

2.4.4-p11

2.4.4-p12

2.4.4-p13

2.4.5

2.4.5-p1

2.4.5-p2

2.4.5-p3

2.4.5-p4

2.4.5-p5

2.4.5-p6

2.4.5-p7

2.4.5-p8

2.4.5-p9

2.4.5-p10

2.4.5-p11

2.4.5-p12

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r487-9vv5-75gg/GHSA-r487-9vv5-75gg.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r487-9vv5-75gg/GHSA-r487-9vv5-75gg.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r487-9vv5-75gg/GHSA-r487-9vv5-75gg.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.7

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r487-9vv5-75gg/GHSA-r487-9vv5-75gg.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.8

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r487-9vv5-75gg/GHSA-r487-9vv5-75gg.json"