In Adobe Commerce versions 2.4.9-alpha1 and earlier a high severity vulnerability CVE-2025-49557 was detected. This vulnerability allows low-privileged attackers to inject malicious scripts into form fields, potentially escalating privileges or compromising sensitive user data. Exploitation requires user interaction by visiting the vulnerable page. To address this issue, users should upgrade Adobe Commerce to versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 or 2.4.4-p15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49557.
Read more E-commerceIn GitLab CE/EE versions from 15.7 before 17.11.6, 18.0 before 18.0.4 and 18.1 before 18.1.2 a medium severity vulnerability CVE-2025-5819 was detected. This vulnerability allows authenticated users with developer access to obtain ID tokens for protected branches under certain conditions, due to incorrect permission assignment for a critical resource. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5819.
Read more Developer ToolsIn GitLab CE/EE versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 a medium severity vulnerability CVE-2025-2937 was detected. This vulnerability allows authenticated users to cause a denial of service condition by sending specially crafted markdown payloads to the Wiki feature due to inefficient regular expression complexity. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2937.
Read more Developer ToolsIn GitLab EE versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4 and 18.2 prior to 18.2.2 a medium severity vulnerability CVE-2025-2498 was detected. This vulnerability allows users, under certain conditions, to view assigned issues from restricted groups by bypassing IP restrictions due to insufficient granularity of access control. To address this issue, users should upgrade GitLab EE to versions 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2498.
Read more Developer ToolsIn GitLab CE/EE versions from 11.6 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 a medium severity vulnerability CVE-2025-2614 was detected. This vulnerability allows authenticated users to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed, due to lack of proper throttling or resource limits. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2614.
Read more Developer ToolsIn GitLab CE/EE versions from 8.14 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 a medium severity vulnerability CVE-2025-1477 was detected. This vulnerability allows unauthenticated users to cause a denial of service condition by sending specially crafted payloads to specific integration API endpoints, due to lack of proper resource limits and throttling. To address this issue, users should upgrade GitLab CE/EE to versions 18.2.2, 18.1.4 or 18.0.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1477.
Read more Developer ToolsIn Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier a high severity vulnerability CVE-2025-49558 was detected. This vulnerability allows attackers to bypass security features by exploiting a Time-of-check Time-of-use (TOCTOU) Race Condition, enabling unauthorized write access. To address this issue, users should upgrade Magento to versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 or 2.4.4-p15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49558.
Read more E-commerceIn Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier a high severity vulnerability CVE-2025-49554 was detected. This vulnerability allows attackers to cause a denial-of-service (DoS) condition by providing specially crafted input, leading the application to crash or become unresponsive. To address this issue, users should upgrade Adobe Commerce to versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 or 2.4.4-p15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49554.
Read more E-commerceIn Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier a high severity vulnerability CVE-2025-49555 was detected. This vulnerability allows attackers to escalate privileges through CSRF by tricking authenticated users into performing unintended actions, potentially enabling unauthorized access or modification of sensitive data. Currently, there is no fix version for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49555.
Read more E-commerce