CVE-2025-24417
📋 TL;DR
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious scripts into form fields. When victims browse pages containing these fields, their browsers execute the attacker's JavaScript, potentially leading to session takeover. This affects Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier.
💻 Affected Systems
- Adobe Commerce
- Magento Open Source
📦 What is this software?
Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →Magento by Adobe
Magento (now Adobe Commerce) is a leading open-source e-commerce platform powering hundreds of thousands of online stores worldwide, processing billions in transactions across B2C, B2B, and marketplace models. Used by brands including Nike, Ford, Coca-Cola, Olympus, and thousands of mid-market retai...
Learn more about Magento →⚠️ Risk & Real-World Impact
Worst Case
Complete session takeover leading to administrative account compromise, data theft, and potential privilege escalation to full system control.
Likely Case
Session hijacking of customer or low-privileged admin accounts, leading to unauthorized purchases, data access, or account manipulation.
If Mitigated
Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers in place.
🎯 Exploit Status
Requires authenticated low-privileged access. Exploitation involves injecting malicious scripts into specific form fields that persist in the application.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to Adobe Commerce 2.4.8-beta2, 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12 or later
Vendor Advisory: https://helpx.adobe.com/security/products/magento/apsb25-08.html
Restart Required: No
Instructions:
1. Backup your Adobe Commerce instance. 2. Apply the security patch via Composer: composer require magento/quality-patches. 3. Apply specific patch for your version. 4. Clear cache: php bin/magento cache:clean. 5. Test functionality.
🔧 Temporary Workarounds
Implement Content Security Policy
allAdd CSP headers to restrict script execution from untrusted sources
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or configure in nginx: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";
Input Validation Sanitization
allImplement server-side input validation and output encoding for all form fields
Implement PHP filter_var() with FILTER_SANITIZE_STRING for all user inputs
Use htmlspecialchars() or htmlentities() for output encoding
🧯 If You Can't Patch
- Implement Web Application Firewall (WAF) rules to block XSS payloads
- Disable or restrict access to vulnerable form fields for low-privileged users
🔍 How to Verify
Check if Vulnerable:
Check Adobe Commerce version via admin panel or run: php bin/magento --versionCheck Version:
php bin/magento --versionVerify Fix Applied:
Verify version is patched: php bin/magento --version should show 2.4.8-beta2, 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12 or later📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to form endpoints with script tags
- Multiple failed XSS attempts in web server logs
- Suspicious user agent strings containing script payloads
Network Indicators:
- HTTP requests containing <script>, javascript:, or eval() patterns
- Unusual outbound connections from admin sessions
SIEM Query:
source="web_logs" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=") AND status=200