Adobe Commerce Security Update APSB25-50: Key Highlights

11 Jun 2025

Mike Patel

Adobe released a security update for Adobe Commerce and Magento Open Source on June 10, 2025. Adobe Commerce Security Update APSB25-50 addresses the critical vulnerabilities that could lead to security feature bypass, privilege escalation, and arbitrary code execution.

Key Vulnerabilities Addressed by the Adobe Commerce Security Update

This patch addresses the following vulnerabilities:

Cross-Site Scripting
Improper Authorization
Improper Access Control

These issues cause critical risks, making it essential for businesses to act immediately by applying the update to prevent potential security breaches.

Risk Caused by Vulnerability

Attackers can inject persistent malicious code in email templates. It may lead to admin session hijacking and arbitrary code execution.

Versions Affected by the Adobe Commerce Security Update

The update impacts various versions of Adobe Commerce and Magento Open Source, including:

Adobe Commerce: 2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, 2.4.5-p12 and earlier, 2.4.4-p13 and earlier.
Adobe Commerce B2B: 1.5.2 and earlier, 1.4.2-p5 and earlier, 1.3.5-p10 and earlier, 1.3.4-p12 and earlier, 1.3.3-p13 and earlier.
Magento Open Source: 2.4.8, 2.4.7-p5 and earlier, 2.4.6-p10 and earlier, 2.4.5-p12 and earlier.

Products Affected by the Adobe Commerce Security Update

The update impacts different digital products of Adobe Commerce/Magento Open Source, including:

Adobe Commerce: 2.4.9-alpha1, 2.4.8-p1 for 2.4.8, 2.4.7-p6 for 2.4.7-p5 and earlier, 2.4.6-p11 for 2.4.6-p10 and earlier, 2.4.5-p13 for 2.4.5-p12 and earlier, 2.4.4-p14 for 2.4.4-p13 and earlier.
Adobe Commerce B2B: 1.5.3-alpha1, 1.5.2-p1 for 1.5.2, 1.4.2-p6 for 1.4.2-p5 and earlier, 1.3.4-p13 for 1.3.4-p12 and earlier, 1.3.3-p14 for 1.3.3-p13 and earlier.
Magento Open Source: 2.4.9-alpha1, 2.4.8-p1 for 2.4.8, 2.4.7-p6 for 2.4.7-p5 and earlier, 2.4.6-p11 for 2.4.6-p10 and earlier,2.4.5-p13 for 2.4.5-p12 and earlier.

CVE-2025-47110, an isolate patch released for Adobe Commerce and Magento Open Source products. The standalone patch addresses the product vulnerabilities effectively.

Recommended Action

Adobe strongly recommends that users apply the patch quickly to enhance security and minimize exposure to vulnerabilities.

How to Install the Update?

Step 1: Download the relevant patch files

Step 2: Install the security patch on a staging platform first

Step 3: Verify the installation by checking the patch status using the provided tools

Step 4: Deploy the update on the live platform after confirming stability on staging

To enhance the solution’s security and mitigate future security threats, businesses should take actions like

Update the Software
Implement Strong Access Control
Monitor for Suspicious Activities

ioVista, an Adobe Commerce certified partner, helps you implement the latest security patch without disturbing your ongoing eCommerce operations. Connect with our certified experts to install this update.

Click here for the official link.

Mike Patel

Mike Patel is the Founder and CEO of ioVista, a leading digital commerce agency specializing in eCommerce solutions. With a strong background in business and technology, Mike Patel has been at the forefront of driving digital transformations for businesses. He has successfully navigated the ever-changing landscape of eCommerce, helping companies leverage the power of online platforms to grow their brand, increase revenues, and optimize their digital presence. Under his leadership, ioVista has become a trusted partner with major technology companies: Adobe/Magento, Google, BigCommerce, Shopify, and Yahoo. He is dedicated to staying ahead of industry trends, adopting cutting-edge technologies, and continuously improving strategies to provide clients with a competitive edge. Mike’s commitment to excellence and client satisfaction is evident in every project ioVista undertakes.