CVE-2025-24429

LOW Year: 2025
CVSS v3 Score
3.5
Low
Weakness Type
CWE-284
View all →

Vulnerability Description

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction.

Related Vulnerabilities

CVE-2016-4874

LOW
CVSS:3.5(Low)

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

CWE-2842016

CVE-2020-3126

LOW
CVSS:3.5(Low)

vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security wa...

CWE-2842020

CVE-2021-22567

LOW
CVSS:3.5(Low)

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker...

CWE-2842021

CVE-2022-39860

LOW
CVSS:3.5(Low)

Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.

CWE-2842022

CVE-2023-28845

LOW
CVSS:3.5(Low)

Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use th...

CWE-2842023

CVE-2023-49098

LOW
CVSS:3.5(Low)

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.

CWE-2842023