GHSA-vhcq-4xrm-2cr2

Source

https://github.com/advisories/GHSA-vhcq-4xrm-2cr2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vhcq-4xrm-2cr2/GHSA-vhcq-4xrm-2cr2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vhcq-4xrm-2cr2

Aliases

CVE-2025-27191

Published

2025-04-08T21:31:41Z

Modified

2025-10-23T22:44:43.279253Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Magento Improper Access Control leads to Security feature bypass

Details

Magento versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

Database specific

{
    "cwe_ids": [
        "CWE-284"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "nvd_published_at": "2025-04-08T21:15:50Z",
    "github_reviewed_at": "2025-10-23T22:22:03Z"
}

References

Affected packages

Packagist

magento/project-community-edition

Package

Name: magento/project-community-edition
Purl: pkg:composer/magento/project-community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.0.2

Affected versions

0.*

0.1.0-alpha89

0.1.0-alpha90

0.1.0-alpha91

0.1.0-alpha92

0.1.0-alpha93

0.1.0-alpha94

0.1.0-alpha95

0.1.0-alpha96

0.1.0-alpha97

0.1.0-alpha98

0.1.0-alpha99

0.1.0-alpha100

0.1.0-alpha101

0.1.0-alpha102

0.1.0-alpha103

0.1.0-alpha104

0.1.0-alpha105

0.1.0-alpha106

0.1.0-alpha107

0.1.0-alpha108

0.42.0-beta1

0.42.0-beta2

0.42.0-beta3

0.42.0-beta4

0.42.0-beta5

0.42.0-beta6

0.42.0-beta7

0.42.0-beta8

0.42.0-beta9

0.42.0-beta10

0.42.0-beta11

0.74.0-beta1

0.74.0-beta2

0.74.0-beta3

0.74.0-beta4

0.74.0-beta5

0.74.0-beta6

0.74.0-beta7

0.74.0-beta8

0.74.0-beta9

0.74.0-beta10

0.74.0-beta11

0.74.0-beta12

0.74.0-beta13

0.74.0-beta14

0.74.0-beta15

0.74.0-beta16

1.*

1.0.0-beta

2.*

2.0.0-rc

2.0.0-rc2

2.0.0

2.0.1

2.0.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vhcq-4xrm-2cr2/GHSA-vhcq-4xrm-2cr2.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.7-beta1

Fixed

2.4.7-p5

Affected versions

2.*

2.4.7-beta1

2.4.7-beta2

2.4.7-beta3

2.4.7

2.4.7-p1

2.4.7-p2

2.4.7-p3

2.4.7-p4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vhcq-4xrm-2cr2/GHSA-vhcq-4xrm-2cr2.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.6-p1

Fixed

2.4.6-p10

Affected versions

2.*

2.4.6-p1

2.4.6-p2

2.4.6-p3

2.4.6-p4

2.4.6-p5

2.4.6-p6

2.4.6-p7

2.4.6-p8

2.4.6-p9

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vhcq-4xrm-2cr2/GHSA-vhcq-4xrm-2cr2.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.5-p1

Fixed

2.4.5-p12

Affected versions

2.*

2.4.5-p1

2.4.5-p2

2.4.5-p3

2.4.5-p4

2.4.5-p5

2.4.5-p6

2.4.5-p7

2.4.5-p8

2.4.5-p9

2.4.5-p10

2.4.5-p11

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vhcq-4xrm-2cr2/GHSA-vhcq-4xrm-2cr2.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.4-p13

Affected versions

0.*

0.1.0-alpha89

0.1.0-alpha90

0.1.0-alpha91

0.1.0-alpha92

0.1.0-alpha93

0.1.0-alpha94

0.1.0-alpha95

0.1.0-alpha96

0.1.0-alpha97

0.1.0-alpha98

0.1.0-alpha99

0.1.0-alpha100

0.1.0-alpha101

0.1.0-alpha102

0.1.0-alpha103

0.1.0-alpha104

0.1.0-alpha105

0.1.0-alpha106

0.1.0-alpha107

0.1.0-alpha108

0.42.0-beta1

0.42.0-beta2

0.42.0-beta3

0.42.0-beta4

0.42.0-beta5

0.42.0-beta6

0.42.0-beta7

0.42.0-beta8

0.42.0-beta9

0.42.0-beta10

0.42.0-beta11

0.74.0-beta1

0.74.0-beta2

0.74.0-beta3

0.74.0-beta4

0.74.0-beta5

0.74.0-beta6

0.74.0-beta7

0.74.0-beta8

0.74.0-beta9

0.74.0-beta10

0.74.0-beta11

0.74.0-beta12

0.74.0-beta13

0.74.0-beta14

0.74.0-beta15

0.74.0-beta16

1.*

1.0.0-beta

1.0.0-beta2

1.0.0-beta3

1.0.0-beta4

1.0.0-beta5

1.0.0-beta6

2.*

2.0.0-rc

2.0.0-rc2

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.1.0-rc1

2.1.0-rc2

2.1.0-rc3

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

2.1.14

2.1.15

2.1.16

2.1.17

2.1.18

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.2.11

2.3.0

2.3.1

2.3.2

2.3.2-p2

2.3.3

2.3.3-p1

2.3.4

2.3.4-p2

2.3.5

2.3.5-p1

2.3.5-p2

2.3.6

2.3.6-p1

2.3.7

2.3.7-p1

2.3.7-p2

2.3.7-p3

2.3.7-p4

2.4.0

2.4.0-p1

2.4.1

2.4.1-p1

2.4.2

2.4.2-p1

2.4.2-p2

2.4.3

2.4.3-p1

2.4.3-p2

2.4.3-p3

2.4.4

2.4.4-p1

2.4.4-p2

2.4.4-p3

2.4.4-p4

2.4.4-p5

2.4.4-p6

2.4.4-p7

2.4.4-p8

2.4.4-p9

2.4.4-p10

2.4.4-p11

2.4.4-p12

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vhcq-4xrm-2cr2/GHSA-vhcq-4xrm-2cr2.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.8-beta1

Fixed

2.4.8-beta2

Affected versions

2.*

2.4.8-beta1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vhcq-4xrm-2cr2/GHSA-vhcq-4xrm-2cr2.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vhcq-4xrm-2cr2/GHSA-vhcq-4xrm-2cr2.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vhcq-4xrm-2cr2/GHSA-vhcq-4xrm-2cr2.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vhcq-4xrm-2cr2/GHSA-vhcq-4xrm-2cr2.json"

magento/community-edition

Package

Name: magento/community-edition
Purl: pkg:composer/magento/community-edition

Affected ranges

Affected versions

2.*

2.4.7

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-vhcq-4xrm-2cr2/GHSA-vhcq-4xrm-2cr2.json"