CVE-2025-49554

HIGH7.5EPSS 0.29%

Magento vulnerable to denial of service

Published: 8/12/2025Modified: 10/22/2025

Description

Magento versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.

Affected packages (2)

Packagist/magento/community-edition>= 2.4.9-alpha1, < 2.4.9-alpha2
Packagist/magento/project-community-editionfrom 0, <= 2.0.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-49554
PATCHhttps://github.com/magento/magento2
WEBhttps://helpx.adobe.com/security/products/magento/apsb25-71.html