CVE-2025-49555— Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-49555
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Adobe Commerce | Cross-Site Request Forgery (CSRF) (CWE-352)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Adobe Commerce 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Adobe Commerce是美国奥多比(Adobe)公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce存在跨站请求伪造漏洞,该漏洞源于容易受到跨站请求伪造攻击,可能导致权限提升。以下版本受到影响:2.4.9-alpha1版本、2.4.8-p1版本、2.4.7-p6版本、2.4.6-p11版本、2.4.5-p13版本、2.4.4-p14版本及之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Adobe | Adobe Commerce | 0 ~ 2.4.4-p14 | - |
II. Public POCs for CVE-2025-49555
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-49555
请登录查看更多情报信息。
Same Patch Batch · Adobe · 2025-08-12 · 67 CVEs total
| CVE-2025-49557 | 8.7 HIGH | Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-54212 | 7.8 HIGH | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-54216 | 7.8 HIGH | InCopy | Out-of-bounds Write (CWE-787) |
| CVE-2025-54224 | 7.8 HIGH | InDesign Desktop | Use After Free (CWE-416) |
| CVE-2025-54213 | 7.8 HIGH | InDesign Desktop | Out-of-bounds Write (CWE-787) |
| CVE-2025-54210 | 7.8 HIGH | InDesign Desktop | Out-of-bounds Write (CWE-787) |
| CVE-2025-54225 | 7.8 HIGH | InDesign Desktop | Use After Free (CWE-416) |
| CVE-2025-54209 | 7.8 HIGH | InDesign Desktop | Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-54208 | 7.8 HIGH | InDesign Desktop | Out-of-bounds Write (CWE-787) |
| CVE-2025-49563 | 7.8 HIGH | Illustrator | Out-of-bounds Write (CWE-787) |
| CVE-2025-54226 | 7.8 HIGH | InDesign Desktop | Use After Free (CWE-416) |
| CVE-2025-49571 | 7.8 HIGH | Substance3D - Modeler | Uncontrolled Search Path Element (CWE-427) |
| CVE-2025-54206 | 7.8 HIGH | InDesign Desktop | Out-of-bounds Write (CWE-787) |
| CVE-2025-54187 | 7.8 HIGH | Substance3D - Painter | Out-of-bounds Write (CWE-787) |
| CVE-2025-49560 | 7.8 HIGH | Substance3D - Viewer | Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-49569 | 7.8 HIGH | Substance3D - Viewer | Out-of-bounds Write (CWE-787) |
| CVE-2025-49561 | 7.8 HIGH | Animate | Use After Free (CWE-416) |
| CVE-2025-49570 | 7.8 HIGH | Photoshop Desktop | Out-of-bounds Write (CWE-787) |
| CVE-2025-49573 | 7.8 HIGH | Substance3D - Modeler | Out-of-bounds Write (CWE-787) |
| CVE-2025-49572 | 7.8 HIGH | Substance3D - Modeler | Out-of-bounds Write (CWE-787) |
Showing top 20 of 67 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Adobe Commerce
- CVE-2026-21291
Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) - CVE-2026-21293
Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918 - CVE-2026-21282
Adobe Commerce | Improper Input Validation (CWE-20) - CVE-2026-21286
Adobe Commerce | Incorrect Authorization (CWE-863) - CVE-2026-21294
Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918
Same vendor: Adobe
- CVE-2026-34632
Photoshop Installer | CWE-427: Uncontrolled Search Path Elem - CVE-2026-27297
Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (C - CVE-2026-27300
Adobe Framemaker | Access of Uninitialized Pointer (CWE-824) - CVE-2026-27296
Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (C - CVE-2026-27290
Adobe Framemaker | Untrusted Search Path (CWE-426)
Same weakness: CWE-352
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.36 Account Takeover via Cross Site Request Forg - CVE-2022-50955
WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-42286
Emlog: Cross-Site Request Forgery in Admin Functions
V. Comments for CVE-2025-49555
No comments yet