CVE-2025-30151

High CVSS: 7.5

Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

Vendor

Shopware

Product

Shopware

CWE

CWE-20

Yayın Tarihi

2025-04-08 14:15:34

Güncelleme

2025-09-10 15:26:36

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-20 Shopware HIGH Shopware 2025

Referanslar

https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2

Benzer Kayıtlar

High

CVE-2026-31889

Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration…

Medium

CVE-2026-31888

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint (POST /store-api/acc…

High

CVE-2026-31887

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, an insufficient check on the filter types for una…

High

CVE-2026-23498

Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array a…

High

CVE-2025-67648

Shopware is an open commerce platform. Versions 6.4.6.0 through 6.6.10.9 and 6.7.0.0 through 6.7.5.0 have a Reflected XS…

Medium

CVE-2025-7954

A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attack…