Immediate Action Required: Patch Your Adobe Commerce Store to 2.4.8-p1 Now!


Your e-commerce store’s security is paramount. At Sunrise Softlabs, we are urging all our Adobe Commerce clients to immediately update to Adobe Commerce 2.4.8-p1. This critical security release, detailed in the Adobe Security Bulletin APSB25-50, addresses serious vulnerabilities that could severely impact your business and customer data.

Why This Patch is Non-Negotiable for Your Business

Adobe Commerce 2.4.8-p1 is not just another update; it’s a vital defense against significant security threats. Released on June 10, 2025, this patch resolves critical and important vulnerabilities that, if left unaddressed, could lead to:

  • Security Feature Bypass: Attackers could bypass your existing security measures, gaining unauthorized access.
  • Privilege Escalation: Malicious actors could elevate their access rights within your system.
  • Arbitrary Code Execution: Attackers could run harmful code on your server, potentially leading to data breaches, complete site compromise, and significant financial and reputational damage.

Failing to apply these latest security updates promptly will leave your store vulnerable to these serious issues, with limited means for Adobe to provide further remediation.

Key Security and Performance Enhancements in 2.4.8-p1

Beyond addressing critical vulnerabilities, this release also brings valuable improvements to your Adobe Commerce platform:

  • API Performance Enhancement: Resolves performance degradation in bulk asynchronous web API endpoints, ensuring smoother and more efficient integrations.
  • CMS Blocks Access Fix: Corrects an issue where Admin users with restricted permissions (e.g., merchandising-only access) were unable to view the CMS Blocks listing page, improving content management workflows.
  • Cookie Limit Compatibility: Restores expected behavior for extensions and customizations interacting with cookie limits, ensuring broader compatibility across your store’s features.
  • Restricted Async Operations: Enhances security by restricting asynchronous operations related to overriding previous customer orders.
  • Direct Vulnerability Fixes:
    • CVE-2025-47110: Addresses a critical email templates vulnerability (Stored Cross-Site Scripting via Server-Side Template Injection).
    • VULN-31547: Resolves a category canonical link vulnerability (Reflected XSS in marketplace.magento.com and a one-click account takeover issue in IMS instances).

For immediate mitigation, isolated patches for CVE-2025-47110 and VULN-31547 are also available, allowing for targeted application with potentially fewer integration risks.

Is Your Adobe Commerce Store Affected?

This security update applies to a wide range of Adobe Commerce versions:

  • Adobe Commerce 2.4.8
  • Adobe Commerce 2.4.7-p5 and earlier
  • Adobe Commerce 2.4.6-p10 and earlier
  • Adobe Commerce 2.4.5-p12 and earlier
  • Adobe Commerce 2.4.4-p13 and earlier

If your store operates on any of these versions, immediate action is crucial.
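To check an installation against the list above, the following added example (not code from this post or from Adobe) reads the Adobe Commerce metapackage version from composer.lock content and classifies it. It assumes each "and earlier" entry covers its own release line up to the stated patch level, returns None for release lines or version formats the list does not cover, and uses a constructed sample lock file.

```python
import json
import re

# Highest affected -pN level per release line, transcribed from the list above.
# 0 means the base release with no -pN suffix.
AFFECTED_MAX_PATCH = {
    (2, 4, 8): 0,
    (2, 4, 7): 5,
    (2, 4, 6): 10,
    (2, 4, 5): 12,
    (2, 4, 4): 13,
}

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")
PACKAGE = "magento/product-enterprise-edition"  # Adobe Commerce metapackage


def parse_version(text):
    """Return ((major, minor, patch), p_level), or None if unparseable (e.g. betas)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    line = tuple(int(x) for x in m.group(1, 2, 3))
    return line, int(m.group(4) or 0)


def is_affected(version):
    """True/False for release lines in the list; None when the list does not cover it."""
    parsed = parse_version(version)
    if parsed is None or parsed[0] not in AFFECTED_MAX_PATCH:
        return None
    line, level = parsed
    return level <= AFFECTED_MAX_PATCH[line]


def check_lockfile(lock_json):
    """Find the Commerce metapackage in composer.lock content and classify it."""
    data = json.loads(lock_json)
    for pkg in data.get("packages", []):
        if pkg.get("name") == PACKAGE:
            return pkg.get("version"), is_affected(pkg.get("version", ""))
    return None, None


# Constructed sample, trimmed to the two fields this check reads.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "example/some-extension", "version": "1.0.0"},
    {"name": PACKAGE, "version": "2.4.7-p5"},
]})

if __name__ == "__main__":
    print(check_lockfile(SAMPLE_LOCK))
```

A None result means the version needs a manual check against APSB25-50 rather than being treated as safe.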

Important Note for B2B Merchants: After applying the 2.4.8-p1 security patch, it is essential to also update to the latest compatible B2B security patch release to ensure full security coverage. Please refer to the B2B release notes for specific guidance.

How Sunrise Softlabs Ensures Your Store’s Security

Applying security patches requires careful execution to avoid disruptions to your live store. Sunrise Softlabs is here to help you navigate this essential process seamlessly. Our comprehensive patching services include:

  1. Thorough Backup: A complete backup of your database and files before any patch application.
  2. Compatibility Assessment: Verifying the patch’s compatibility with your current Adobe Commerce version and installed extensions.
  3. Staging Environment Testing: Applying and testing the patch on a staging environment to identify and resolve any potential conflicts before deployment to your live site.
  4. Expert Patch Application: Our experienced Adobe Commerce developers ensure the patches are applied correctly and efficiently.
  5. Post-Patch Verification: Meticulous checks to confirm all functionalities are working as expected after the update.

Don’t compromise your e-commerce store’s security or your customers’ trust. Proactive patching is your best defense against evolving cyber threats.

Ready to secure your Adobe Commerce store?

Contact Sunrise Softlabs today to schedule your Adobe Commerce 2.4.8-p1 security patch application.

Ravi Chandra (CTO): ravi.chandra@sunrisesoftlabs.com

Shakshi (CAM): shakshi@sunrisesoftlabs.com

Visit our website: https://sunrisesoftlabs.com/
