CVE-2025-30151 | THREATINT

Description

Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

PUBLISHED Reserved 2025-03-17 | Published 2025-04-08 | Updated 2025-04-08 | Assigner GitHub_M

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-20: Improper Input Validation

Product status

< 6.5.8.17

affected

>= 6.6.0.0, < 6.6.10.3

affected

>= 6.7.0.0-rc1, < 6.7.0.0-rc2

affected

References

github.com/...opware/security/advisories/GHSA-cgfj-hj93-rmh2

cve.org (CVE-2025-30151)

nvd.nist.gov (CVE-2025-30151)

Download JSON