
AIKIDO-2025-10574

magento/extension-b2b is vulnerable to Incorrect Authorization

Incorrect Authorization | CVE-2025-49556 | Published Aug 25, 2025

88 (High Risk)

This Affects:

PHP: magento/extension-b2b
1.0.0 - 1.3.3-p14 (fixed in 1.3.3-p15)
1.3.4 - 1.3.4-p13 (fixed in 1.3.4-p14)
1.3.5 - 1.4.2-p6 (fixed in 1.4.2-p7)
1.5.0 - 1.5.2-p1 (fixed in 1.5.2-p2)

TL;DR

Affected versions of this package contain several security flaws. Successful exploitation can result in security feature bypass, privilege escalation, arbitrary file system read, and application denial-of-service (DoS) in Adobe Commerce and Magento Open Source platforms. The issues include improper input validation (CWE-20), cross-site request forgery (CSRF, CWE-352), incorrect authorization (CWE-863), stored cross-site scripting (CWE-79), time-of-check to time-of-use (TOCTOU) race conditions (CWE-367), and path traversal (CWE-22).

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.
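
One way to check a project against the ranges listed above, as an added example that is not part of the advisory or of Aikido's or Adobe's tooling. It reads the installed version from composer.lock content and assumes versions have the form X.Y.Z or X.Y.Z-pN, with a -pN release sorting after its base release; the sample lock content is constructed.

```python
import json
import re

PACKAGE = "magento/extension-b2b"

# (first affected, last affected, fixed in), copied from the advisory's ranges.
AFFECTED = [
    ("1.0.0", "1.3.3-p14", "1.3.3-p15"),
    ("1.3.4", "1.3.4-p13", "1.3.4-p14"),
    ("1.3.5", "1.4.2-p6", "1.4.2-p7"),
    ("1.5.0", "1.5.2-p1", "1.5.2-p2"),
]

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse(version):
    """Turn '1.4.2-p6' into (1, 4, 2, 6); a release without -pN counts as patch 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def fixed_in(version):
    """Return the fixed version for an affected release, or None if not in range."""
    v = parse(version)
    for low, high, fix in AFFECTED:
        if parse(low) <= v <= parse(high):
            return fix
    return None


def check_lock(lock_text):
    """Find the package in composer.lock content; return (installed, fixed_in)."""
    lock = json.loads(lock_text)
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in packages:
        if pkg.get("name") == PACKAGE:
            return pkg["version"], fixed_in(pkg["version"])
    return None, None


# Constructed sample, not a real project's lock file.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "magento/framework", "version": "103.0.7"},
    {"name": PACKAGE, "version": "1.4.2-p6"},
]})

if __name__ == "__main__":
    installed, fix = check_lock(SAMPLE_LOCK)
    print(installed, "->", f"upgrade to {fix}" if fix else "not in an affected range")
```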

Background info

magento/extension-b2b is vulnerable to Incorrect Authorization in versions 1.5.0 - 1.5.2-p1, 1.3.5 - 1.4.2-p6, 1.3.4 - 1.3.4-p13 and 1.0.0 - 1.3.3-p14.

How to fix this

Upgrade magento/extension-b2b to the fixed version for your release line: 1.3.3-p15, 1.3.4-p14, 1.4.2-p7 or 1.5.2-p2.