{"id":"CVE-2025-49554","details":"Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.","aliases":["GHSA-xgfm-992v-h2hr"],"modified":"2026-04-10T05:28:59.460156Z","published":"2025-08-12T18:15:28.840Z","references":[{"type":"ADVISORY","url":"https://helpx.adobe.com/security/products/magento/apsb25-71.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/magento/magento2","events":[{"introduced":"0"},{"fixed":"0f9a056c8d83c4f319626b3e56ec52a533999f25"},{"introduced":"0"},{"last_affected":"0f9a056c8d83c4f319626b3e56ec52a533999f25"},{"introduced":"0"},{"last_affected":"5548bc64b5bc904346c0af9193a7fbb5274b4efa"},{"introduced":"0"},{"last_affected":"712cea4825f6067e1e7ed629abc2bd9eed157a12"},{"introduced":"0"},{"last_affected":"29f9a054bfe9892e9656558fc9a19174118f918d"},{"introduced":"0"},{"last_affected":"52b27a0277f0be82a87c3d6b12d83d1ce409ea3f"},{"introduced":"0"},{"last_affected":"e03d253378ccc04a70c790f092574a777e88b942"},{"introduced":"0"},{"last_affected":"ef922155dbe6321862b3811e2472f2790489e685"},{"introduced":"0"},{"last_affected":"e18651b120784046b22e146ca1ab5d79493ed8a4"},{"introduced":"0"},{"last_affected":"c739d2113ebbbdceede4fa0dd6b0a0fc3e83355c"},{"introduced":"0"},{"last_affected":"a2ded45232876973af6e30fe312b76c0de77ebf3"},{"introduced":"0"},{"last_affected":"73f312a2f9bc43ee6bf436cb4e26ee20f6901322"},{"introduced":"0"},{"last_affected":"7aef59b58158c2c5f031a15550e590e3b499c989"},{"introduced":"0"},{"last_affected":"9721cc22eb32482d82e5e3d275fe3a0221d8b750"},{"introduced":"0"},{"last_affected":"30877fce83b793f71421c47347885cf076e81799"},{"introduced":"0"},{"last_affected":"1df4565907d40f14ee1c753cc2de2ce567bfa8d7"},{"introduced":"0"},{"last_affected":"11846a1a10539470f2fe1522030ff42d62daa562"},{"introduced":"0"},{"last_affected":"ca0c22e48ad5adb5726b5a949a702e99937c04c3"},{"introduced":"0"},{"last_affected":"ef1ad91d13cb1a5f8f471d084354dbdd8fe1f5ba"},{"introduced":"0"},{"last_affected":"ea0b9a63fdc1409f74988f813046c1daa92fd320"},{"introduced":"0"},{"last_affected":"9bf2c06ea8c9fc52698f4e9994b5334a436649ad"},{"introduced":"0"},{"last_affected":"3e26248d2ccb4b52d75e6188bb1fc93dd691c254"},{"introduced":"0"},{"last_affected":"58dfc61e7b545bdeaf3c3a2dac489e8770d85656"},{"introduced":"0"},{"last_affected":"4d4e0e2ebf249a00c5f5aa1eaec3f24575133b62"},{"introduced":"0"},{"last_affected":"d6f014854784eccd39d2ecb35c4beeb82d59b309"},{"introduced":"0"},{"last_affected":"5bb9fe778e521cf2f3b35433c196d6ed2fd5ecb9"},{"introduced":"0"},{"last_affected":"eb27f55ff8d66db98e60784efa6d737b8ec94734"},{"introduced":"0"},{"last_affected":"a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"introduced":"0"},{"last_affected":"6fedf5c513623ecc8a1a580501a49a1331e68568"},{"introduced":"0"},{"last_affected":"d846142a3ab8b49597dfb8bd7508d875efdab19a"},{"introduced":"0"},{"last_affected":"727560d82199f6b938d1906e9d923e2dd40b490a"},{"introduced":"0"},{"last_affected":"cd23f12c2ab26a0339e89d004c63b9f6d794bc57"},{"introduced":"0"},{"last_affected":"e2907757d44416816eae809adec35b0a32052745"},{"introduced":"0"},{"last_affected":"37861a4025ef7f18016d3ab149e006da46821784"},{"introduced":"0"},{"last_affected":"6cc0d28cf66074adebc261e981eb35811601f813"},{"introduced":"0"},{"last_affected":"b57e30c9ae27e513da830ad1d3b20c6a94afa0e7"},{"introduced":"0"},{"last_affected":"a3179be22a602e83f7e1eca187d5f8a927ef392c"},{"introduced":"0"},{"last_affected":"c5c538810b87449886f4669cb8abbe8e5593c83c"},{"introduced":"0"},{"last_affected":"06099d29b333ac4acd68f051905717202b7221a0"},{"introduced":"0"},{"last_affected":"6d1912708f8888efb6be037386515f566aa0d65a"},{"introduced":"0"},{"last_affected":"65cf42c0ffeb3cb64b03a3e7f654dca5034af871"},{"introduced":"0"},{"last_affected":"fcebd3a4ad2a6863af2e2092f5e548cbd81cb0f8"},{"introduced":"0"},{"last_affected":"d10435b11ada4e502dca7539f8fd31d059d3c482"},{"introduced":"0"},{"last_affected":"d196d504d8b387454a123033ec2a74d7fd3d5430"},{"introduced":"0"},{"last_affected":"2090f74025ddc4da7d453f6864f245e26dc0b19a"},{"introduced":"0"},{"last_affected":"d10435b11ada4e502dca7539f8fd31d059d3c482"},{"introduced":"0"},{"last_affected":"d196d504d8b387454a123033ec2a74d7fd3d5430"},{"introduced":"0"},{"last_affected":"ccc675d091d16bb90fa035c47f6f7dd410ac3e40"},{"introduced":"0"},{"last_affected":"b22ed6058d009b783fe592d32c7ae2f62720bba8"},{"introduced":"0"},{"last_affected":"dc87600a0ab002bb2b7ef573fe78cfc951edb36c"},{"introduced":"0"},{"last_affected":"b69acb3d4cb3720665c7829fd6390d3036a07b13"},{"introduced":"0"},{"last_affected":"94b8544e82fd84d1443060cddb5481b7fd462de2"},{"introduced":"0"},{"last_affected":"c5056c77ddfd62022a4381aae750bf403100e4c7"},{"introduced":"0"},{"fixed":"1df4565907d40f14ee1c753cc2de2ce567bfa8d7"},{"introduced":"0"},{"last_affected":"1df4565907d40f14ee1c753cc2de2ce567bfa8d7"},{"introduced":"0"},{"last_affected":"11846a1a10539470f2fe1522030ff42d62daa562"},{"introduced":"0"},{"last_affected":"ca0c22e48ad5adb5726b5a949a702e99937c04c3"},{"introduced":"0"},{"last_affected":"ef1ad91d13cb1a5f8f471d084354dbdd8fe1f5ba"},{"introduced":"0"},{"last_affected":"ea0b9a63fdc1409f74988f813046c1daa92fd320"},{"introduced":"0"},{"last_affected":"9bf2c06ea8c9fc52698f4e9994b5334a436649ad"},{"introduced":"0"},{"last_affected":"3e26248d2ccb4b52d75e6188bb1fc93dd691c254"},{"introduced":"0"},{"last_affected":"58dfc61e7b545bdeaf3c3a2dac489e8770d85656"},{"introduced":"0"},{"last_affected":"4d4e0e2ebf249a00c5f5aa1eaec3f24575133b62"},{"introduced":"0"},{"last_affected":"d6f014854784eccd39d2ecb35c4beeb82d59b309"},{"introduced":"0"},{"last_affected":"5bb9fe778e521cf2f3b35433c196d6ed2fd5ecb9"},{"introduced":"0"},{"last_affected":"eb27f55ff8d66db98e60784efa6d737b8ec94734"},{"introduced":"0"},{"last_affected":"a3c6d6e5e95e63031e4df26cfcf76feace7549c2"},{"introduced":"0"},{"last_affected":"6fedf5c513623ecc8a1a580501a49a1331e68568"},{"introduced":"0"},{"last_affected":"d846142a3ab8b49597dfb8bd7508d875efdab19a"},{"introduced":"0"},{"last_affected":"727560d82199f6b938d1906e9d923e2dd40b490a"},{"introduced":"0"},{"last_affected":"cd23f12c2ab26a0339e89d004c63b9f6d794bc57"},{"introduced":"0"},{"last_affected":"e2907757d44416816eae809adec35b0a32052745"},{"introduced":"0"},{"last_affected":"37861a4025ef7f18016d3ab149e006da46821784"},{"introduced":"0"},{"last_affected":"6cc0d28cf66074adebc261e981eb35811601f813"},{"introduced":"0"},{"last_affected":"b57e30c9ae27e513da830ad1d3b20c6a94afa0e7"},{"introduced":"0"},{"last_affected":"a3179be22a602e83f7e1eca187d5f8a927ef392c"},{"introduced":"0"},{"last_affected":"c5c538810b87449886f4669cb8abbe8e5593c83c"},{"introduced":"0"},{"last_affected":"06099d29b333ac4acd68f051905717202b7221a0"},{"introduced":"0"},{"last_affected":"6d1912708f8888efb6be037386515f566aa0d65a"},{"introduced":"0"},{"last_affected":"65cf42c0ffeb3cb64b03a3e7f654dca5034af871"},{"introduced":"0"},{"last_affected":"fcebd3a4ad2a6863af2e2092f5e548cbd81cb0f8"},{"introduced":"0"},{"last_affected":"d10435b11ada4e502dca7539f8fd31d059d3c482"},{"introduced":"0"},{"last_affected":"d196d504d8b387454a123033ec2a74d7fd3d5430"},{"introduced":"0"},{"last_affected":"2090f74025ddc4da7d453f6864f245e26dc0b19a"},{"introduced":"0"},{"last_affected":"d10435b11ada4e502dca7539f8fd31d059d3c482"},{"introduced":"0"},{"last_affected":"d196d504d8b387454a123033ec2a74d7fd3d5430"},{"introduced":"0"},{"last_affected":"ccc675d091d16bb90fa035c47f6f7dd410ac3e40"},{"introduced":"0"},{"last_affected":"b22ed6058d009b783fe592d32c7ae2f62720bba8"},{"introduced":"0"},{"last_affected":"dc87600a0ab002bb2b7ef573fe78cfc951edb36c"},{"introduced":"0"},{"last_affected":"b69acb3d4cb3720665c7829fd6390d3036a07b13"},{"introduced":"0"},{"last_affected":"94b8544e82fd84d1443060cddb5481b7fd462de2"},{"introduced":"0"},{"last_affected":"c5056c77ddfd62022a4381aae750bf403100e4c7"},{"introduced":"0"},{"last_affected":"5ae071f4a5745f58a224432efb5ac3094cccaa27"},{"introduced":"0"},{"last_affected":"10fdaddfd21f922d0c1b4f9f889dba8cfd4be8d6"},{"introduced":"0"},{"last_affected":"8a39055c0ae93f331e8073fd593d27e39be40b3d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.4.4"},{"introduced":"0"},{"last_affected":"2.4.4-NA"},{"introduced":"0"},{"last_affected":"2.4.4-p1"},{"introduced":"0"},{"last_affected":"2.4.4-p10"},{"introduced":"0"},{"last_affected":"2.4.4-p11"},{"introduced":"0"},{"last_affected":"2.4.4-p12"},{"introduced":"0"},{"last_affected":"2.4.4-p13"},{"introduced":"0"},{"last_affected":"2.4.4-p2"},{"introduced":"0"},{"last_affected":"2.4.4-p3"},{"introduced":"0"},{"last_affected":"2.4.4-p4"},{"introduced":"0"},{"last_affected":"2.4.4-p5"},{"introduced":"0"},{"last_affected":"2.4.4-p6"},{"introduced":"0"},{"last_affected":"2.4.4-p7"},{"introduced":"0"},{"last_affected":"2.4.4-p8"},{"introduced":"0"},{"last_affected":"2.4.4-p9"},{"introduced":"0"},{"last_affected":"2.4.5-NA"},{"introduced":"0"},{"last_affected":"2.4.5-p1"},{"introduced":"0"},{"last_affected":"2.4.5-p10"},{"introduced":"0"},{"last_affected":"2.4.5-p11"},{"introduced":"0"},{"last_affected":"2.4.5-p12"},{"introduced":"0"},{"last_affected":"2.4.5-p13"},{"introduced":"0"},{"last_affected":"2.4.5-p2"},{"introduced":"0"},{"last_affected":"2.4.5-p3"},{"introduced":"0"},{"last_affected":"2.4.5-p4"},{"introduced":"0"},{"last_affected":"2.4.5-p5"},{"introduced":"0"},{"last_affected":"2.4.5-p6"},{"introduced":"0"},{"last_affected":"2.4.5-p7"},{"introduced":"0"},{"last_affected":"2.4.5-p8"},{"introduced":"0"},{"last_affected":"2.4.5-p9"},{"introduced":"0"},{"last_affected":"2.4.6-NA"},{"introduced":"0"},{"last_affected":"2.4.6-p1"},{"introduced":"0"},{"last_affected":"2.4.6-p10"},{"introduced":"0"},{"last_affected":"2.4.6-p11"},{"introduced":"0"},{"last_affected":"2.4.6-p2"},{"introduced":"0"},{"last_affected":"2.4.6-p3"},{"introduced":"0"},{"last_affected":"2.4.6-p4"},{"introduced":"0"},{"last_affected":"2.4.6-p5"},{"introduced":"0"},{"last_affected":"2.4.6-p6"},{"introduced":"0"},{"last_affected":"2.4.6-p7"},{"introduced":"0"},{"last_affected":"2.4.6-p8"},{"introduced":"0"},{"last_affected":"2.4.6-p9"},{"introduced":"0"},{"last_affected":"2.4.7-NA"},{"introduced":"0"},{"last_affected":"2.4.7-b1"},{"introduced":"0"},{"last_affected":"2.4.7-b2"},{"introduced":"0"},{"last_affected":"2.4.7-beta3"},{"introduced":"0"},{"last_affected":"2.4.7-p1"},{"introduced":"0"},{"last_affected":"2.4.7-p2"},{"introduced":"0"},{"last_affected":"2.4.7-p3"},{"introduced":"0"},{"last_affected":"2.4.7-p4"},{"introduced":"0"},{"last_affected":"2.4.7-p5"},{"introduced":"0"},{"last_affected":"2.4.7-p6"},{"introduced":"0"},{"last_affected":"2.4.8-NA"},{"introduced":"0"},{"last_affected":"2.4.8-beta1"},{"introduced":"0"},{"fixed":"2.4.5"},{"introduced":"0"},{"last_affected":"2.4.5-NA"},{"introduced":"0"},{"last_affected":"2.4.5-p1"},{"introduced":"0"},{"last_affected":"2.4.5-p10"},{"introduced":"0"},{"last_affected":"2.4.5-p11"},{"introduced":"0"},{"last_affected":"2.4.5-p12"},{"introduced":"0"},{"last_affected":"2.4.5-p13"},{"introduced":"0"},{"last_affected":"2.4.5-p2"},{"introduced":"0"},{"last_affected":"2.4.5-p3"},{"introduced":"0"},{"last_affected":"2.4.5-p4"},{"introduced":"0"},{"last_affected":"2.4.5-p5"},{"introduced":"0"},{"last_affected":"2.4.5-p6"},{"introduced":"0"},{"last_affected":"2.4.5-p7"},{"introduced":"0"},{"last_affected":"2.4.5-p8"},{"introduced":"0"},{"last_affected":"2.4.5-p9"},{"introduced":"0"},{"last_affected":"2.4.6-NA"},{"introduced":"0"},{"last_affected":"2.4.6-p1"},{"introduced":"0"},{"last_affected":"2.4.6-p10"},{"introduced":"0"},{"last_affected":"2.4.6-p11"},{"introduced":"0"},{"last_affected":"2.4.6-p2"},{"introduced":"0"},{"last_affected":"2.4.6-p3"},{"introduced":"0"},{"last_affected":"2.4.6-p4"},{"introduced":"0"},{"last_affected":"2.4.6-p5"},{"introduced":"0"},{"last_affected":"2.4.6-p6"},{"introduced":"0"},{"last_affected":"2.4.6-p7"},{"introduced":"0"},{"last_affected":"2.4.6-p8"},{"introduced":"0"},{"last_affected":"2.4.6-p9"},{"introduced":"0"},{"last_affected":"2.4.7-NA"},{"introduced":"0"},{"last_affected":"2.4.7-b1"},{"introduced":"0"},{"last_affected":"2.4.7-b2"},{"introduced":"0"},{"last_affected":"2.4.7-beta3"},{"introduced":"0"},{"last_affected":"2.4.7-p1"},{"introduced":"0"},{"last_affected":"2.4.7-p2"},{"introduced":"0"},{"last_affected":"2.4.7-p3"},{"introduced":"0"},{"last_affected":"2.4.7-p4"},{"introduced":"0"},{"last_affected":"2.4.7-p5"},{"introduced":"0"},{"last_affected":"2.4.7-p6"},{"introduced":"0"},{"last_affected":"2.4.8-NA"},{"introduced":"0"},{"last_affected":"2.4.8-beta1"},{"introduced":"0"},{"last_affected":"2.4.8-beta2"},{"introduced":"0"},{"last_affected":"2.4.8-p1"},{"introduced":"0"},{"last_affected":"2.4.9-alpha1"}]}}],"versions":["0.1.0-alpha100","0.1.0-alpha101","0.1.0-alpha102","0.1.0-alpha103","0.1.0-alpha104","0.1.0-alpha105","0.1.0-alpha106","0.1.0-alpha107","0.1.0-alpha108","0.1.0-alpha89","0.1.0-alpha90","0.1.0-alpha91","0.1.0-alpha92","0.1.0-alpha93","0.1.0-alpha94","0.1.0-alpha95","0.1.0-alpha96","0.1.0-alpha97","0.1.0-alpha98","0.1.0-alpha99","0.42.0-beta1","0.42.0-beta3","0.74.0-beta1","2.0.0","2.0.0-rc","2.1.0","2.1.0-rc1","2.1.0-rc2","2.1.0-rc3","2.2.0-RC1.1","2.2.0-RC1.2","2.2.0-RC1.3","2.4.4","2.4.4-p1","2.4.4-p10","2.4.4-p11","2.4.4-p12","2.4.4-p13","2.4.4-p2","2.4.4-p3","2.4.4-p4","2.4.4-p5","2.4.4-p6","2.4.4-p7","2.4.4-p8","2.4.4-p9","2.4.5","2.4.5-p1","2.4.5-p10","2.4.5-p11","2.4.5-p12","2.4.5-p13","2.4.5-p2","2.4.5-p3","2.4.5-p4","2.4.5-p5","2.4.5-p6","2.4.5-p7","2.4.5-p8","2.4.5-p9","2.4.6","2.4.6-p1","2.4.6-p10","2.4.6-p11","2.4.6-p2","2.4.6-p3","2.4.6-p4","2.4.6-p5","2.4.6-p6","2.4.6-p7","2.4.6-p8","2.4.6-p9","2.4.7","2.4.7-beta3","2.4.7-p1","2.4.7-p2","2.4.7-p3","2.4.7-p4","2.4.7-p5","2.4.7-p6","2.4.8","2.4.8-beta1","2.4.8-beta2","2.4.8-p1","2.4.9-alpha1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49554.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.4.4-p14"}]},{"events":[{"introduced":"0"},{"fixed":"1.3.3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p10"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p11"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p12"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p13"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p14"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p8"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.3-p9"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p10"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p11"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p12"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p13"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p8"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.4-p9"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.5-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.5-p1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.5-p10"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.5-p11"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.5-p2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.5-p3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.5-p4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.5-p5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.5-p6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.5-p7"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.5-p8"}]},{"events":[{"introduced":"0"},{"last_affected":"1.3.5-p9"}]},{"events":[{"introduced":"0"},{"last_affected":"1.4.2-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"1.4.2-p1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.4.2-p2"}]},{"events":[{"introduced":"0"},{"last_affected":"1.4.2-p3"}]},{"events":[{"introduced":"0"},{"last_affected":"1.4.2-p4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.4.2-p5"}]},{"events":[{"introduced":"0"},{"last_affected":"1.4.2-p6"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.2-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.2-p1"}]},{"events":[{"introduced":"0"},{"last_affected":"1.5.3-alpha1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}