magento/community-edition Security Advisories for 2.4.7-p7 (6)
-
[HIGH] Magento provides incorrect authorization through a security feature bypass
PKSA-sx8r-h4sj-cx12 CVE-2025-54263 GHSA-69x9-xp2j-w8g8
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[HIGH] Magento vulnerable to stored Cross-Site Scripting (XSS)
PKSA-kfkq-dx9k-8hdv CVE-2025-54264 GHSA-2768-5wmv-cfff
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[MEDIUM] Magento allows incorrect authorization
PKSA-xbxj-3c74-rztg CVE-2025-54265 GHSA-r355-75hw-r8jf
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[MEDIUM] Magento vulnerable to stored Cross-Site Scripting (XSS)
PKSA-k1pj-8rhw-k527 CVE-2025-54266 GHSA-pcrx-r49h-x2w5
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[MEDIUM] Magento vulnerable to privilege escalation due to incorrect authorization
PKSA-cdwr-82gv-fq4r CVE-2025-54267 GHSA-qvwr-p3hj-j6jf
Affected version: =2.4.6|=2.4.7|=2.4.8|<2.4.6-p13|>=2.4.7-beta1,<2.4.7-p8|>=2.4.8-beta1,<2.4.8-p3|>=2.4.9-alpha1,<2.4.9-alpha3
Reported by:
GitHub -
[CRITICAL] Magento Community Edition Improper Input Validation vulnerability
PKSA-zy5h-f76g-zq5h CVE-2025-54236 GHSA-wh92-6q6g-px7j
Affected version: =2.4.9|>=2.4.8-beta1,<=2.4.8-p2|>=2.4.7-beta1,<=2.4.7-p7|=2.4.8|=2.4.7|>=2.4.9-alpha1,<=2.4.9-alpha2|=2.4.5|>=2.4.6-p1,<=2.4.6-p12|=2.4.6|<=2.4.5-p14
Reported by:
GitHub