CVE Alert: CVE-2025-27400
Vulnerability Summary: CVE-2025-27400
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.1 contain a vulnerability that allows script execution in the admin panel which could lead to cross-site scripting against authenticated admin users. The attack requires an admin user with configuration access, so in practicality it is not very likely to be useful given that a user with this level of access is probably already a full admin. Versions 20.12.3 and 20.13.1 contain a patch for the issue.
Affected Endpoints:
No affected endpoints listed.
Published Date:
2/28/2025, 4:15:40 PM
❄️ CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://github.com/OpenMage/magento-lts/commit/d307e5bf75729a2347dde0952fe9fd9fcd9c6aea
- https://github.com/OpenMage/magento-lts/releases/tag/v20.12.3
- https://github.com/OpenMage/magento-lts/releases/tag/v20.13.0
- https://github.com/OpenMage/magento-lts/security/advisories/GHSA-5pxh-89cx-4668
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
