On April 8, 2025, Adobe released a security update for Adobe Commerce and Magento Open Source: Adobe Commerce Security Update APSB25-26. The latest update addresses important and moderate vulnerabilities that could lead to security feature bypass, privilege escalation, and application denial-of-service.
Key Vulnerabilities Addressed
This patch addresses various security vulnerabilities, including:
- Improper Authentication
- Cross-Site Request Forgery (CSRF)
- Improper Access Control
- Insufficiently Protected Credentials
These vulnerabilities pose significant security risks, making it crucial for businesses to apply the update immediately to prevent potential security breaches.
Affected Versions
The Adobe Commerce Security Update APSB25-26 impacts the following versions of Adobe Commerce, Adobe Commerce B2B, and Magento Open Source. Each entry gives the fixed release first, followed by the affected versions it replaces.
- Adobe Commerce: 2.4.8 for 2.4.8-beta2, 2.4.7-p5 for 2.4.7-p4 and earlier, 2.4.6-p10 for 2.4.6-p9 and earlier, 2.4.5-p12 for 2.4.5-p11 and earlier, 2.4.4-p13 for 2.4.4-p12 and earlier
- Adobe Commerce B2B: 1.5.2 for 1.5.1, 1.4.2-p5 for 1.4.2-p4 and earlier, 1.3.5-p10 for 1.3.5-p9 and earlier, 1.3.4-p12 for 1.3.4-p11 and earlier, 1.3.3-p13 for 1.3.3-p12 and earlier
- Magento Open Source: 2.4.8 for 2.4.8-beta2, 2.4.7-p5 for 2.4.7-p4 and earlier, 2.4.6-p10 for 2.4.6-p9 and earlier, 2.4.5-p12 for 2.4.5-p11 and earlier, 2.4.4-p13 for 2.4.4-p12 and earlier
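An added example, not part of Adobe's bulletin or the original page: a Python check that classifies an installed Adobe Commerce or Magento Open Source version against the list above. The store names in the sample inventory are constructed, and Adobe Commerce B2B versions are not covered.

```python
import re

# Release line -> patch level carrying the APSB25-26 fixes (from the list above).
FIXED_PATCH = {"2.4.7": 5, "2.4.6": 10, "2.4.5": 12, "2.4.4": 13}
VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)(?:-(p|beta)(\d+))?$")


def triage(version):
    """Return (status, fixed_release) for a version string such as '2.4.7-p4'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return ("unparsed", None)
    line, kind, num = m.group(1), m.group(2), int(m.group(3) or 0)
    if line == "2.4.8":
        # Only 2.4.8-beta2 is listed as affected; other pre-releases are not listed.
        if kind == "beta":
            return ("affected", "2.4.8") if num == 2 else ("not listed", None)
        return ("patched", "2.4.8")
    if line in FIXED_PATCH and kind != "beta":
        fixed = FIXED_PATCH[line]
        # A bare '2.4.5' is patch level 0, so it counts as "p11 and earlier".
        status = "patched" if num >= fixed else "affected"
        return (status, f"{line}-p{fixed}")
    # Release lines outside the list get no verdict from this page.
    return ("not listed", None)


def needs_update(inventory):
    """Map each store whose version is affected to the release it should move to."""
    result = {}
    for store, version in inventory.items():
        status, fixed = triage(version)
        if status == "affected":
            result[store] = fixed
    return result


# Constructed sample inventory (store name -> installed version).
SAMPLE_INVENTORY = {
    "store-a": "2.4.7-p4",
    "store-b": "2.4.6-p10",
    "store-c": "2.4.8-beta2",
    "store-d": "2.4.5",
    "store-e": "2.4.3-p2",
}

if __name__ == "__main__":
    for store, target in needs_update(SAMPLE_INVENTORY).items():
        print(f"{store}: upgrade to {target}")
```

A "not listed" result means only that the version does not appear in the list above, not that it is unaffected.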
Recommended Action
Adobe strongly recommends that users apply the patches immediately to minimize exposure to vulnerabilities and enhance security.
How to Install the Update?
Step 1: Download the relevant patch files
Step 2: Install the security patch on a staging platform first
Step 3: Verify the successful installation by checking the patch status using the provided tools
Step 4: Deploy the update on the live platform after confirming stability on staging
To improve systems’ security, companies should update their software, implement strong access controls, and monitor for suspicious activities to mitigate future security threats.
As an Adobe Commerce certified partner, ioVista can help you implement the latest security patch without hindering your ongoing eCommerce operations. Connect with our certified experts to install this update.