May 26, 2025
Severity
Medium
Analysis Summary
CVE-2025-27190 CVSS:5.3
Adobe Commerce versions are affected by an improper access control vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.
CVE-2025-27191 CVSS:5.3
Adobe Commerce and Magento Open Source could allow a remote attacker to bypass security restrictions, caused by improper access control. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to bypass access restrictions.
CVE-2025-27192 CVSS:2.7
Adobe Commerce and Magento Open Source could allow a remote attacker to bypass security restrictions, caused by insufficiently protected credentials. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to bypass security features.
CVE-2025-27188 CVSS:4.3
Adobe Commerce and Magento Open Source are affected by an improper authorization vulnerability that could result in privilege escalation. A remote authenticated attacker could leverage this vulnerability to bypass security measures and gain unauthorized access.
CVE-2025-27189 CVSS:4.3
Adobe Commerce and Magento Open Source are vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to change arbitrary device settings. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Impact
- Security Bypass
- Privilege Escalation
- Cross-Site Scripting
- Gain Access
Indicators of Compromise
CVE
CVE-2025-27190
CVE-2025-27191
CVE-2025-27192
CVE-2025-27188
CVE-2025-27189
Affected Vendors
- Adobe
Affected Products
- Adobe Commerce B2B - 1.5.1
- Adobe Magento Open Source - 2.4.8
- Adobe Commerce - 2.4.8
Remediation
Refer to the Adobe Security Advisory for patch, upgrade, or suggested workaround information.