This CVE ID was issued in error by its CVE Numbering Authority.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Adobe
  • Commerce

No data.

No data.

References

No reference.

History

Mon, 20 Oct 2025 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe commerce
Vendors & Products Adobe
Adobe commerce

Fri, 17 Oct 2025 23:15:00 +0000

Type Values Removed Values Added
Title Adobe Commerce | Incorrect Authorization (CWE-863)
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 17 Oct 2025 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Fri, 17 Oct 2025 22:15:00 +0000

Type Values Removed Values Added
Description Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized read access. Exploitation of this issue does not require user interaction. This CVE ID was issued in error by its CVE Numbering Authority.

Wed, 15 Oct 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Oct 2025 20:45:00 +0000

Type Values Removed Values Added
Description Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized read access. Exploitation of this issue does not require user interaction.
Title Adobe Commerce | Incorrect Authorization (CWE-863)
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
cve-icon MITRE

Status: REJECTED

Assigner: adobe

Published: 2025-10-14T20:27:55.146Z

Updated: 2025-10-17T22:03:57.800Z

Reserved: 2025-07-17T21:15:02.467Z

Link: CVE-2025-54277

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-10-14T21:15:35.873

Modified: 2025-10-17T22:15:34.593

Link: CVE-2025-54277

cve-icon Redhat

No data.