CVE-2025-7954

A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations.

CVSS

No CVSS.

References

Link	Resource
https://github.com/shopware/shopware/issues/11245
https://github.com/shopware/shopware/issues/11245

Configurations

No configuration.

History

07 Aug 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://github.com/shopware/shopware/issues/11245 -~~	() https://github.com/shopware/shopware/issues/11245 -

06 Aug 2025, 20:23

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad de condición de ejecución en el sistema de cupones de Shopware v6.6.10.4 que permite a los atacantes eludir las restricciones de cupones previstas y superar las limitaciones de uso.

06 Aug 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-06 08:15

Updated : 2025-08-07 15:15

NVD link : CVE-2025-7954

Mitre link : CVE-2025-7954

CVE.ORG link : CVE-2025-7954

JSON object : View

Products Affected

No product.

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2025-7954", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.0, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-06T08:15:30.930", "references": [{"url": "https://github.com/shopware/shopware/issues/11245", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "https://github.com/shopware/shopware/issues/11245", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "A race condition vulnerability has been identified in Shopware's voucher system of Shopware\u00a0v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en el sistema de cupones de Shopware v6.6.10.4 que permite a los atacantes eludir las restricciones de cupones previstas y superar las limitaciones de uso."}], "lastModified": "2025-08-07T15:15:33.297", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf"}