
Multiple Adobe Commerce and Magento Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-27190 CVSS:5.3

Adobe Commerce versions are affected by an improper access control vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

CVE-2025-27191 CVSS:5.3

Adobe Commerce and Magento Open Source could allow a remote attacker to bypass security restrictions, caused by improper access control. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to bypass access restrictions.

CVE-2025-27192 CVSS:2.7

Adobe Commerce and Magento Open Source could allow a remote attacker to bypass security restrictions, caused by insufficiently protected credentials. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to bypass security features.

CVE-2025-27188 CVSS:4.3

Adobe Commerce and Magento Open Source are affected by an improper authorization vulnerability that could result in privilege escalation. A remote authenticated attacker could leverage this vulnerability to bypass security measures and gain unauthorized access.

CVE-2025-27189 CVSS:4.3

Adobe Commerce and Magento Open Source are vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to change arbitrary device settings. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

Impact

  • Security Bypass
  • Privilege Escalation
  • Cross-Site Scripting
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-27190
  • CVE-2025-27191
  • CVE-2025-27192
  • CVE-2025-27188
  • CVE-2025-27189

Affected Vendors

  • Adobe

Affected Products

  • Adobe Commerce B2B - 1.5.1
  • Adobe Magento Open Source - 2.4.8
  • Adobe Commerce - 2.4.8

Remediation

Refer to the Adobe Security Advisory for patch, upgrade, or suggested workaround information.

Adobe Security Advisory