Adobe has released a critical security update APSB25-94 on October 14, 2025, addressing multiple high-severity vulnerabilities that could allow:

• Security feature bypass (Improper Access Control)

• Privilege escalation (Cross-Site Scripting)

• Arbitrary code execution (Incorrect Authorization)

Actions Required:

1. Update to the latest patched version immediately.

2. Always back up your store before applying patches.

3. Test the update on a staging environment first.

4. Apply selective patches if a full upgrade isn’t possible.

Affected Versions

• Adobe Commerce ≤ 2.4.9-alpha2

• Commerce B2B ≤ 1.5.3-alpha2

• Magento Open Source ≤ 2.4.9-alpha2

Patched Versions

• 2.4.9-alpha3

• 2.4.8-p3

• 2.4.7-p8

These updates are strongly recommended to prevent potential risks such as unauthorized admin access, customer data exposure, or downtime.

For a deeper look, see the official Adobe release guide or our detailed post on the Meetanshi blog.

Don’t have time to apply the patch/upgrade Magento version yourself? No worries, our experts can handle it for you. Check out our Magento Security Patch Installation Service.