[APSB25-71] Security Patch for Adobe Commerce & Magento Open Source

On August 12, 2025, Adobe released a security update bulletin ID APSB25-71 with a priority rating of 2.

When Adobe gives a priority of 2, it means:

  1. There are no vulnerabilities that have attack sites yet, but once they are known can cause harm
  2. You need install the updates soon (within a few days)

Summary of APSB25-71 Security Update

This security update resolves critical and important Magento vulnerabilities. 

Which means, adding this update makes your server safe from hackers executing any programs, and restricts access to confidential data, or other store resources. 

With this update, Adobe has fixed the flaws, and there are no attacks yet, but it is better to take action now and safeguard your store now than to be sorry later. 

Vulnerability Details for Adobe Commerce, Adobe Commerce B2B, & Magento Open Source 

Below, I have highlighted the impact of the vulnerability along with its Common Weakness Enumeration (CWE) identifier.

  • Improper Input Validation (CWE-20): This vulnerability leads to an application denial-of-service.
  • Cross-Site Request Forgery (CWE-352): This impacts privilege escalation.
  • Incorrect Authorization (CWE-863): This might cause an arbitrary file system read.

Each vulnerability impact comes with a severity of critical and important. There can be chances of your store becoming unresponsive or hackers getting access to sensitive files without any permission. Here are the rest of the vulnerability details to know the other implication you might face.

Affected Versions + Solution to Fix the Vulnerabilities

The simple solution here is to update the versions of the Adobe Commerce, Adobe Commerce B2B, and Magento Open Source platforms with the latest versions mentioned by Adobe. 

Each version comes with a priority rating of 2, making it essential to update it within a few days. 

ProductAffected Version Update Version 
Adobe Commerce2.4.9-alpha1
2.4.8-p1 and earlier
2.4.7-p6 and earlier
2.4.6-p11 and earlier
2.4.5-p13 and earlier
2.4.4-p14 and earlier		2.4.9-alpha2
2.4.8-p2
2.4.7-p7
2.4.6-p12
2.4.5-p14
2.4.4-p15
Adobe Commerce B2B1.5.3-alpha1
1.5.2-p1 and earlier
1.4.2-p6 and earlier
1.3.5-p11 and earlier
1.3.4-p13 and earlier
1.3.3-p14 and earlier		1.5.3-alpha2
1.5.2-p2
1.4.2-p7
1.3.4-p14
1.3.3-p15
Magento Open Source2.4.9-alpha1
2.4.8-p1 and earlier
2.4.7-p6 and earlier
2.4.6-p11 and earlier
2.4.5-p13 and earlier		2.4.9-alpha2
2.4.8-p2
2.4.7-p7
2.4.6-p12
2.4.5-p14

Magento 2 Security Patches Installation

Keep your store secure with the latest Magento 2 patches—add them before it’s too late.

Add Now
Magento Security Patches Installation Service

The right action is to update your versions and avoid any kind of mishap that can affect your store negatively. 

So, before any other store task, make it a priority to update. 

Sanjay Jethva

Article by

Sanjay Jethva

Sanjay is the co-founder and CTO of Meetanshi with hands-on expertise with Magento since 2011. He specializes in complex development, integrations, extensions, and customizations. Sanjay is one the top 50 contributor to the Magento community and is recognized by Adobe. His passion for Magento 2 and Shopify solutions has made him a trusted source for...