{"id":16555,"date":"2025-06-11T11:51:23","date_gmt":"2025-06-11T06:21:23","guid":{"rendered":"https:\/\/meetanshi.com\/blog\/?p=16555"},"modified":"2026-05-29T09:51:47","modified_gmt":"2026-05-29T04:21:47","slug":"apsb25-50-security-patches-for-magento","status":"publish","type":"post","link":"https:\/\/meetanshi.com\/blog\/apsb25-50-security-patches-for-magento\/","title":{"rendered":"Adobe Commerce &amp; Magento Open Source Security Update APSB25-50"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">On June 10, 2025, Adobe released a regular security update (bulletin ID <a href=\"https:\/\/helpx.adobe.com\/security\/products\/magento\/apsb25-50.html\" target=\"_blank\" rel=\"noopener\">APSB25-50<\/a>).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The update addresses critical security vulnerabilities in Magento Open Source &amp; Adobe Commerce editions. It has a priority rating of 1, which means it\u2019s the <strong>MOST IMPORTANT<\/strong> security update and should be applied as soon as possible.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Failing to apply it may allow attackers to bypass security features, escalate privileges, or execute arbitrary code on affected systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Affected Versions<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The following versions of Adobe Commerce, Adobe Commerce B2B, and Magento Open Source are affected by the vulnerabilities addressed in this update:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Product<\/strong><\/td><td><strong>Affected Versions<\/strong><\/td><\/tr><tr><td>Adobe Commerce<\/td><td>2.4.8<br>2.4.7-p5 and earlier<br>2.4.6-p10 and earlier<br>2.4.5-p12 and earlier<br>2.4.4-p13 and earlier<\/td><\/tr><tr><td>Adobe Commerce B2B<\/td><td>1.5.2 and earlier<br>1.4.2-p5 and earlier<br>1.3.5-p10 and earlier<br>1.3.4-p12 and earlier<br>1.3.3-p13 and earlier<\/td><\/tr><tr><td>Magento Open Source<\/td><td>2.4.8<br>2.4.7-p5 and 
earlier<br>2.4.6-p10 and earlier<br>2.4.5-p12 and earlier<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What Security Vulnerabilities are Addressed?<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The Magento APSB25-50 security update resolves five vulnerabilities, including two critical ones that could have severe impacts if exploited.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Vulnerability Category<\/strong><\/td><td><strong>Impact<\/strong><\/td><td><strong>Severity<\/strong><\/td><td><strong>CVSS Base Score<\/strong><\/td><td><strong>CVE Number<\/strong><\/td><td><strong>Notes<\/strong><\/td><\/tr><tr><td>Cross-site Scripting (Reflected XSS) (CWE-79)<\/td><td>Arbitrary code execution<\/td><td>Critical<\/td><td>9.1<\/td><td>CVE-2025-47110<\/td><td>Requires authentication and admin privileges<\/td><\/tr><tr><td>Improper Authorization (CWE-285)<\/td><td>Security feature bypass<\/td><td>Critical<\/td><td>8.2<\/td><td>CVE-2025-43585<\/td><td>No admin privileges required<\/td><\/tr><tr><td>Improper Access Control (CWE-284)<\/td><td>Security feature bypass<\/td><td>Important<\/td><td>5.3<\/td><td>CVE-2025-27206<\/td><td>Requires authentication and admin privileges<\/td><\/tr><tr><td>Improper Access Control (CWE-284)<\/td><td>Privilege escalation<\/td><td>Important<\/td><td>6.5<\/td><td>CVE-2025-27207<\/td><td>B2B Only, requires authentication and admin privileges<\/td><\/tr><tr><td>Improper Access Control (CWE-284)<\/td><td>Privilege escalation<\/td><td>Important<\/td><td>6.5<\/td><td>CVE-2025-43586<\/td><td>B2B Only, requires authentication and admin privileges<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s why these vulnerabilities are very important to fix:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cross-site Scripting (XSS):<\/strong> Attackers could inject malicious scripts into web pages viewed by 
users, which could lead to leaked payment information, session hijacking, or unauthorized actions within the store\u2019s admin panel.<\/li>\n\n\n\n<li><strong>Improper Authorization and Access Control:<\/strong> Attackers could bypass security restrictions (e.g., admin login) and perform actions such as modifying store settings, creating discount codes, or accessing customer data.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Therefore, affected stores are at risk of customer data leaks, financial loss, and overall disruption of their business.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Solution: Update Magento Version OR Apply Isolated Patch<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To address these vulnerabilities, Adobe recommends updating to the following versions:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Product<\/strong><\/td><td><strong>Affected Versions<\/strong><\/td><td><strong>Updated Version<\/strong><\/td><\/tr><tr><td rowspan=\"5\">Adobe Commerce<\/td><td>2.4.8<\/td><td>2.4.8-p1<\/td><\/tr><tr><td>2.4.7-p5 and earlier<\/td><td>2.4.7-p6<\/td><\/tr><tr><td>2.4.6-p10 and earlier<\/td><td>2.4.6-p11<\/td><\/tr><tr><td>2.4.5-p12 and 
earlier<\/td><td>2.4.5-p13<\/td><\/tr><tr><td>2.4.4-p13 and earlier<\/td><td>2.4.4-p14<\/td><\/tr><tr><td rowspan=\"4\">Magento Open Source<\/td><td>2.4.8<\/td><td>2.4.8-p1<\/td><\/tr><tr><td>2.4.7-p5 and earlier<\/td><td>2.4.7-p6<\/td><\/tr><tr><td>2.4.6-p10 and earlier<\/td><td>2.4.6-p11<\/td><\/tr><tr><td>2.4.5-p12 and earlier<\/td><td>2.4.5-p13<\/td><\/tr><tr><td rowspan=\"5\">Adobe Commerce B2B<\/td><td>1.5.2<\/td><td>1.5.2-p1<\/td><\/tr><tr><td>1.4.2-p5 and earlier<\/td><td>1.4.2-p6<\/td><\/tr><tr><td>1.3.5-p10 and earlier<\/td><td>1.3.5-p11<\/td><\/tr><tr><td>1.3.4-p12 and earlier<\/td><td>1.3.4-p13<\/td><\/tr><tr><td>1.3.3-p13 and earlier<\/td><td>1.3.3-p14<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Security Patches for Magento \/ Adobe Commerce<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re not able to update immediately, you can <a href=\"https:\/\/meetanshi.com\/blog\/install-magento-2-security-patches\/\">apply the isolated patch<\/a> for <strong>CVE-2025-47110<\/strong>. 
The following isolated patches have been released by Adobe for Magento and Adobe Commerce:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/repo.magento.com\/patch\/VULN-31609-2-4-X-patch.zip\" target=\"_blank\" rel=\"noopener\">VULN-31609_2.4.X.patch<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/repo.magento.com\/patch\/VULN-31547-2-4-8-patch.zip\" data-type=\"link\" data-id=\"https:\/\/repo.magento.com\/patch\/VULN-31547-2-4-8-patch.zip\" target=\"_blank\" rel=\"noopener\">VULN-31547_2.4.8.patch<\/a><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>How to apply?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a backup of your store\u2019s database (to prevent any loss)<\/li>\n\n\n\n<li>Download the patch file using the above links<\/li>\n\n\n\n<li>Upload the file to your Magento installation\u2019s root directory<\/li>\n\n\n\n<li>Then, run the following command to apply the patch<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">For VULN-31609_2.4.X.patch:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>patch -p1 &lt; VULN-31609_2.4.X.patch<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">For VULN-31547_2.4.8.patch:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>patch -p1 &lt; VULN-31547_2.4.8.patch<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Once done, clear the Magento cache to reflect the changes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can also download the isolated patches from <a href=\"https:\/\/github.com\/MeetanshiInc\/Magento-Security-Patches-PrePatched-Files\/tree\/master\" target=\"_blank\" rel=\"noopener\">GitHub<\/a> and then apply them directly (using the instructions given in the readme file).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re not comfortable performing these updates yourself, our <a href=\"https:\/\/meetanshi.com\/magento-security-patches-installation-service.html\">Magento Security Patches Installation Service<\/a> provides professional assistance to ensure
a secure and seamless update process.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On June 10, 2025, Adobe released a regular security update (bulletin ID APSB25-50). The update addresses critical security vulnerabilities in Magento Open Source &amp; Adobe&#8230;<\/p>\n","protected":false},"author":5,"featured_media":16564,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[34],"tags":[],"class_list":["post-16555","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-magento"],"acf":[],"_links":{"self":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/16555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/comments?post=16555"}],"version-history":[{"count":8,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/16555\/revisions"}],"predecessor-version":[{"id":26414,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/16555\/revisions\/26414"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/media\/16564"}],"wp:attachment":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/media?parent=16555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/categories?post=16555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/tags?post=16555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}