Adobe has issued Security Bulletin APSB25-71, which provides a critical patch for Adobe Commerce and Magento Open Source. Released on August 12, 2025, the patch fixes both critical and important security vulnerabilities that could critically affect e-commerce sites if not patched.
What’s in the Patch?
Adobe Commerce and Magento Open Source users should apply APSB25-71, which fixes a number of risks. According to the technical analysis, APSB25-71 corrects vulnerabilities such as:
- Improper input validation
- Cross-site request forgery (CSRF)
- Incorrect authorization checks
- Stored cross-site scripting (XSS)
- TOCTOU (Time-of-Check Time-of-Use) race conditions
- Path traversal vulnerabilities
If exploited, these vulnerabilities could allow attackers to control workflows, gain elevated privileges, and access forbidden resources.

Affected Versions & Compatibility
The patch applies across the Adobe Commerce 2.4.x line—specifically including patch levels like 2.4.5-p14 and 2.4.7-p6, as well as similar Magento Open Source versions.
Product | Affected Versions | Updated Version |
Adobe Commerce | 2.4.9-alpha1, 2.4.8-p1 and earlier, 2.4.7-p6 and earlier, 2.4.6-p11 and earlier, 2.4.5-p13 and earlier, 2.4.4-p14 and earlier | 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 |
Adobe Commerce B2B | 1.5.3-alpha1, 1.5.2-p1 and earlier, 1.4.2-p6 and earlier, 1.3.5-p11 and earlier, 1.3.4-p13 and earlier, 1.3.3-p14 and earlier | 1.5.3-alpha2, 1.5.2-p2, 1.4.2-p7, 1.3.4-p14, 1.3.3-p15 |
Magento Open Source | 2.4.9-alpha1, 2.4.8-p1 and earlier, 2.4.7-p6 and earlier, 2.4.6-p11 and earlier, 2.4.5-p13 and earlier | 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14 |
Tip for B2B users: After applying APSB25-71, ensure you also install the latest compatible B2B security patch to maintain comprehensive protection.
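As an added example (not code from Adobe or MageComp), this Python script checks the product version recorded in a `composer.lock` against the fixed versions in the table above. The Composer metapackage names and the sample lock file are assumptions that do not appear on this page, and the B2B row is left out.

```python
import json
import re

# Fixed release per 2.4.x line, copied from the table above.
# Package names are the Composer metapackages (assumption, not on the page).
FIXED = {
    "magento/product-enterprise-edition": {   # Adobe Commerce
        "2.4.9": ("alpha", 2), "2.4.8": ("p", 2), "2.4.7": ("p", 7),
        "2.4.6": ("p", 12), "2.4.5": ("p", 14), "2.4.4": ("p", 15),
    },
    "magento/product-community-edition": {    # Magento Open Source
        "2.4.9": ("alpha", 2), "2.4.8": ("p", 2), "2.4.7": ("p", 7),
        "2.4.6": ("p", 12), "2.4.5": ("p", 14),
    },
}
VERSION_RE = re.compile(r"^v?(\d+\.\d+\.\d+)(?:-(alpha|p)(\d+))?$")


def classify(package, version):
    """Return (status, fixed_version); status is affected, patched or unknown."""
    m = VERSION_RE.match(version)
    line = FIXED.get(package, {}).get(m.group(1)) if m else None
    if line is None:
        return ("unknown", None)      # release line not listed in the table
    kind, fixed_n = line
    fixed = f"{m.group(1)}-{kind}{fixed_n}"
    tag, n = m.group(2) or "p", int(m.group(3) or 0)   # "2.4.7" counts as p0
    if tag != kind:
        return ("unknown", fixed)     # alpha vs. p mix is not covered by the table
    return ("patched" if n >= fixed_n else "affected", fixed)


def audit_lock(lock_text):
    """Classify every Magento product metapackage found in a composer.lock."""
    packages = json.loads(lock_text).get("packages", [])
    return {p["name"]: classify(p["name"], p["version"])
            for p in packages if p["name"] in FIXED}


# Constructed sample input, not a real store's lock file.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "magento/product-community-edition", "version": "2.4.7-p6"},
    {"name": "monolog/monolog", "version": "2.9.3"},
]})

if __name__ == "__main__":
    for name, (status, fixed) in audit_lock(SAMPLE_LOCK).items():
        print(f"{name}: {status} (fixed in {fixed})")
```

A result of `unknown` means the installed release line is not in the table and needs a manual check against the bulletin.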
Latest Security Patches Installation
Applying patches—particularly for advanced configurations—is tricky. That’s where MageComp’s Magento Security Patches Installation Service steps in as a hassle-free, professional experience. If you are running a sophisticated installation or need to ensure patching is done correctly, MageComp can help simplify the process by using professionally trained experts to manage the patching process.
Final Take
Security Bulletin APSB25-71 is a critical patch for Adobe Commerce and Magento Open Source. With the capability to block serious threats—like data breaches, service disruptions, and unauthorized access—it’s vital to act quickly, even though no attacks are currently known. Perform a controlled rollout and include any necessary B2B patching to ensure a smooth, secure experience.

FAQ
- What is Adobe Commerce Security Update APSB25-71?
APSB25-71 is a security patch released on August 12, 2025, by Adobe to address multiple vulnerabilities in Adobe Commerce and Magento Open Source. The patch fixes issues including security bypass, privilege escalation, arbitrary file system read, and denial of service (DoS).
- Which versions of Adobe Commerce are affected?
The patch applies to Adobe Commerce 2.4.x and corresponding Magento Open Source versions. If you are running 2.4.5-p14, 2.4.7-p6, or similar releases, your store requires this update.
- How do I install APSB25-71?
You can apply APSB25-71 by:
- Using Composer update commands
- Manually applying the patch
- Testing it first on a staging environment before deploying it live
If you are unsure about patching, you can engage professional help, such as MageComp’s Magento Security Patches Installation Service.
- What happens if I don’t install APSB25-71?
If you do not apply the patch, your store remains vulnerable to attacks. Attackers can exploit privilege escalation, bypass security measures, and subsequently conduct denial-of-service (DoS) attacks against your store. The consequences can include data theft, damaged customer trust, and lost revenue.
- Can you assist me in installing the patch?
Yes! MageComp offers an installation service for Magento Security Patches, where experienced technicians handle the patching. They confirm compatibility, back up your data for safety, and install the patches, so you receive a safe shop without disruption to store operations.