{"id":23695,"date":"2025-10-15T15:44:16","date_gmt":"2025-10-15T10:14:16","guid":{"rendered":"https:\/\/meetanshi.com\/blog\/?p=23695"},"modified":"2025-11-15T14:31:32","modified_gmt":"2025-11-15T09:01:32","slug":"apsb25-94-security-patches-for-magento","status":"publish","type":"post","link":"https:\/\/meetanshi.com\/blog\/apsb25-94-security-patches-for-magento\/","title":{"rendered":"[APSB25-94] Adobe Commerce\/Magento Security Patch"},"content":{"rendered":"\n

On October 14, 2025, Adobe released a regular security update under the bulletin ID APSB25-94<\/a>, addressing the critical and important security vulnerabilities in Magento Open Source & Adobe Commerce.<\/p>\n\n\n\n

With a priority rating of 2, this security update should be applied promptly (ideally within a few weeks).<\/p>\n\n\n\n

Failing to apply may allow attackers to bypass security features, escalate privileges, or execute arbitrary code on affected systems.<\/p>\n\n\n\n

Affected Versions<\/h2>\n\n\n\n

Here is the list of affected versions of Adobe Commerce, Adobe Commerce B2B, and Magento Open Source:<\/p>\n\n\n\n

Product<\/strong><\/td>Affected Versions<\/strong><\/td><\/tr>
Adobe Commerce<\/td>2.4.9-alpha2 and earlier 
2.4.8-p2 and earlier 
2.4.7-p7 and earlier 
2.4.6-p12 and earlier 
2.4.5-p14 and earlier 
2.4.4-p15 and earlier<\/td><\/tr>
Adobe Commerce B2B<\/td>1.5.3-alpha2 and earlier 
1.5.2-p2 and earlier 
1.4.2-p7 and earlier 
1.3.5-p12 and earlier 
1.3.4-p14 and earlier 
1.3.3-p15 and earlier<\/td><\/tr>
Magento Open Source<\/td>2.4.9-alpha2 and earlier 
2.4.8-p2 and earlier 
2.4.7-p7 and earlier 
2.4.6-p12 and earlier 
2.4.5-p14 and earlier<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

What Security Vulnerabilities are Addressed?<\/h2>\n\n\n\n

The Magento APSB25-94 security update resolves five vulnerabilities, including two critical ones that could have severe impacts if exploited.<\/p>\n\n\n\n

Vulnerability Category<\/strong><\/td>Vulnerability Impact<\/strong><\/td>Severity<\/strong><\/td>CVE number(s)<\/strong><\/td><\/tr>
Improper Access Control <\/td>Security feature bypass<\/td>Critical<\/td>CVE-2025-54263<\/td><\/tr>
Cross-site Scripting (Stored XSS)<\/td>Privilege escalation<\/td>Critical<\/td>CVE-2025-54264<\/td><\/tr>
Incorrect Authorization<\/td>Security feature bypass<\/td>Important<\/td>CVE-2025-54265<\/td><\/tr>
Cross-site Scripting(Stored XSS)<\/td>Arbitrary code execution<\/td>Important<\/td>CVE-2025-54266<\/td><\/tr>
Incorrect Authorization<\/td>Privilege escalation<\/td>Important<\/td>CVE-2025-54267<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

Here\u2019s why these vulnerabilities are very important to fix:<\/p>\n\n\n\n