Adobe Commerce Security Update APSB25-94: What You Need to Know

On October 14, 2025, Adobe released a new security update, APSB25-94, for Adobe Commerce and Magento Open Source. The update addresses many critical vulnerabilities that could lead to security feature bypass, privilege escalation, and arbitrary code execution. Additionally, the APSB25-94 upgrade replaces TinyMCE with HugeRTE and strengthens queue management via Magento_Stomp.

Key Vulnerabilities Addressed by the Adobe Commerce Security Update

The security patch APSB25-94 addresses various security vulnerabilities, including:

  • Improper Access Control
  • Cross-Site Scripting
  • Improper Authorization

These issues pose critical risks, making it essential for businesses to apply the update immediately to prevent potential security breaches.

Versions Affected by the Adobe Commerce Security Update APSB25-94

The Adobe Commerce Security Update APSB25-94 impacts the following versions of Adobe Commerce, Adobe Commerce B2B, and Magento Open Source.

  • Adobe Commerce: 2.4.9-alpha2 and earlier, 2.4.8-p2 and earlier, 2.4.7-p7 and earlier, 2.4.6-p12 and earlier, 2.4.5-p14 and earlier, 2.4.4-p15 and earlier.
  • Adobe Commerce B2B: 1.5.3-alpha2 and earlier, 1.5.2-p2 and earlier, 1.4.2-p7 and earlier, 1.3.5-p12 and earlier, 1.3.4-p14 and earlier, 1.3.3-p15 and earlier.
  • Magento Open Source: 2.4.9-alpha2 and earlier, 2.4.8-p2 and earlier, 2.4.7-p7 and earlier, 2.4.6-p12 and earlier, 2.4.5-p14 and earlier.

Products Affected by the Adobe Commerce Security Update

The update is available for the following Adobe Commerce/Magento Open Source products, listed as the updated version for each affected version:

  • Adobe Commerce: 2.4.9-alpha3 for 2.4.9-alpha2, 2.4.8-p3 for 2.4.8-p2 and earlier, 2.4.7-p8 for 2.4.7-p7 and earlier, 2.4.6-p13 for 2.4.6-p12 and earlier, 2.4.5-p15 for 2.4.5-p14 and earlier, 2.4.4-p16 for 2.4.4-p15 and earlier.
  • Adobe Commerce B2B: 1.5.3-alpha3 for 1.5.3-alpha2, 1.5.2-p3 for 1.5.2-p2 and earlier, 1.4.2-p8 for 1.4.2-p7 and earlier, 1.3.4-p13 for 1.3.4-p12 and earlier, 1.3.3-p14 for 1.3.3-p13 and earlier, 1.3.3-p16 for 1.3.3-p15 and earlier.
  • Magento Open Source: 2.4.9-alpha3 for 2.4.9-alpha2, 2.4.8-p3 for 2.4.8-p2 and earlier, 2.4.7-p8 for 2.4.7-p7 and earlier, 2.4.6-p13 for 2.4.6-p12 and earlier, 2.4.5-p15 for 2.4.5-p14 and earlier.
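As an added example (not code from Adobe or from this page), the Adobe Commerce rows above can be turned into a version check: given an installed version string, it reports whether that release is affected and which updated release to move to. The function names and the ordering alpha < beta < GA < pN within one release line are assumptions of the example.

```python
import re

# Updated release per Adobe Commerce release line, copied from the list above.
FIXED = {
    "2.4.9": "2.4.9-alpha3",
    "2.4.8": "2.4.8-p3",
    "2.4.7": "2.4.7-p8",
    "2.4.6": "2.4.6-p13",
    "2.4.5": "2.4.5-p15",
    "2.4.4": "2.4.4-p16",
}

_VERSION = re.compile(r"^(\d+\.\d+\.\d+)(?:-(alpha|beta|p)(\d+))?$")
# Assumed ordering of suffixes within a release line: alpha < beta < GA < pN.
_RANK = {"alpha": 0, "beta": 1, None: 2, "p": 3}


def parse(version):
    """Split '2.4.7-p7' into ('2.4.7', (3, 7)); raise on anything else."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    line, kind, num = m.groups()
    return line, (_RANK[kind], int(num or 0))


def check(installed):
    """Return (affected, updated_version) for an installed version.

    Returns (None, None) when the release line is not in the list above,
    so the caller has to consult the bulletin instead of assuming safety.
    """
    line, level = parse(installed)
    fixed = FIXED.get(line)
    if fixed is None:
        return None, None
    _, fixed_level = parse(fixed)
    return level < fixed_level, fixed


if __name__ == "__main__":
    # Constructed sample inputs, e.g. values read from a deployment inventory.
    for v in ["2.4.8", "2.4.7-p7", "2.4.7-p8", "2.4.9-alpha2", "2.3.7"]:
        affected, target = check(v)
        if affected is None:
            print(f"{v}: release line not listed, check the bulletin")
        else:
            print(f"{v}: {'AFFECTED, update to ' + target if affected else 'ok'}")
```

For Magento Open Source the same table applies without the 2.4.4 entry, as the list above shows.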

Recommended Action

Adobe strongly recommends that users apply the patch quickly to enhance security and minimize exposure to vulnerabilities.

How to Install the Update?

Step 1: Download the relevant patch files.

Step 2: Install the security patch on a staging platform first.

Step 3: Verify the installation by checking the patch status using the provided tools.

Step 4: Deploy the update on the live platform after confirming stability on staging.

To enhance the solution’s security and mitigate future threats, businesses should take quick actions, such as:

  • Update the Software
  • Implement Strong Access Controls
  • Monitor for Suspicious Activities

ioVista, an Adobe Commerce certified partner, helps you implement the latest security patch without impacting your ongoing eCommerce operations. Connect with our certified experts to install this update.

Click here for the official link.
