VDB

GCVE-110-NCSC-2025-54

GCVE-110-NCSC-2025-54
Advisory PublishedCVSS 7.5/10
Vulnetix · Advisory published February 13, 2025
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Weaknesses (CWE)

CWE-840-CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-863Incorrect AuthorizationCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-285Improper AuthorizationCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-284Improper Access ControlCWE-657Violation of Secure Design PrinciplesCWE-367Time-of-check Time-of-use (TOCTOU) Race Condition

Risk Scores

CVSS 3.1
7.5/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersionsPlatforms
adobemagento_open_source
adobeadobe_commerce_b2b
adobeadobe_commerce

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›