Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 15 Aug 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe commerce B2b
Adobe magento
CPEs cpe:2.3:a:adobe:commerce:*:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:*:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*
cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*
cpe:2.3:a:adobe:magento:*:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*
cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*
Vendors & Products Adobe commerce B2b
Adobe magento

Thu, 14 Aug 2025 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe commerce
Vendors & Products Adobe
Adobe commerce
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 12 Aug 2025 18:15:00 +0000

Type Values Removed Values Added
Description Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction.
Title Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2025-08-13T20:14:29.593Z

Reserved: 2025-06-06T15:42:09.518Z

Link: CVE-2025-49559

cve-icon Vulnrichment

Updated: 2025-08-13T14:18:31.396Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-12T18:15:29.600

Modified: 2025-08-15T15:40:55.130

Link: CVE-2025-49559

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-13T21:47:10Z