CVE-2025-24430 LOW

CVE-2025-24430: Adobe Commerce | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

Vendor Adobe
Product Adobe Commerce
Weakness CWE-367
Published February 11, 2025
Last update April 15, 2025

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing rate limiting mechanisms. Exploitation of this issue does not require user interaction.

Key dates

02 Disclosure timeline

February 11, 2025 CVE published
April 15, 2025 Record updated