Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2025-61922: CWE-287: Improper Authentication in PrestaShopCorp ps_checkout

0
Critical
VulnerabilityCVE-2025-61922cvecve-2025-61922cwe-287
Published: Thu Oct 16 2025 (10/16/2025, 17:26:14 UTC)
Source: CVE Database V5
Vendor/Project: PrestaShopCorp
Product: ps_checkout

Description

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.

AI-Powered Analysis

AILast updated: 10/16/2025, 17:59:05 UTC

Technical Analysis

CVE-2025-61922 is an improper authentication vulnerability (CWE-287) found in the PrestaShop official payment module, ps_checkout, which is developed in partnership with PayPal. The vulnerability exists in versions prior to 4.4.1 and between 5.0.0 and 5.0.5. It arises due to missing validation checks on the Express Checkout feature, allowing an attacker to perform a silent login without providing valid credentials. By exploiting this flaw, an attacker can take over user accounts simply by knowing the victim's email address, bypassing normal authentication mechanisms. This silent login capability compromises the confidentiality and integrity of user accounts, potentially leading to unauthorized access to sensitive personal and payment information, as well as fraudulent transactions. The vulnerability is remotely exploitable without any user interaction or privileges, increasing its risk profile. Although no known exploits have been observed in the wild yet, the high CVSS score of 9.1 reflects the critical nature of this flaw. The vendor has addressed the issue in versions 4.4.1 and 5.0.5, and no workarounds are available, making patching the only effective mitigation.

Potential Impact

For European organizations, especially those operating e-commerce platforms using PrestaShop with the vulnerable ps_checkout module, this vulnerability poses a severe risk. Attackers can silently hijack customer accounts, leading to unauthorized access to personal and payment data, fraudulent orders, and financial losses. The breach of customer trust and potential regulatory penalties under GDPR for failing to protect personal data could have significant reputational and legal consequences. Since PrestaShop is widely used across Europe, particularly in countries with strong e-commerce sectors such as Germany, France, the UK, Spain, and Italy, the impact could be widespread. The vulnerability's ease of exploitation and lack of required authentication or user interaction increase the likelihood of targeted attacks or automated exploitation attempts. Additionally, compromised accounts could be leveraged for further attacks, including phishing or fraud campaigns, amplifying the threat.

Mitigation Recommendations

The primary and only effective mitigation is to upgrade the ps_checkout module to version 4.4.1 or 5.0.5 or later, where the vulnerability has been fixed. Organizations should immediately inventory their PrestaShop installations to identify affected versions and prioritize patching. Given the lack of workarounds, temporary measures such as disabling the Express Checkout feature may reduce exposure but could impact business operations and user experience. Monitoring logs for unusual login patterns or account activities related to Express Checkout is recommended to detect potential exploitation attempts. Implementing additional multi-factor authentication (MFA) on user accounts, if supported, can provide an extra layer of defense. Organizations should also review and tighten access controls and conduct user awareness campaigns to mitigate risks from compromised accounts. Finally, maintaining regular backups and incident response readiness will help mitigate damage if exploitation occurs.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-10-03T22:21:59.615Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68f12ee39f8a5dbaeaee601e

Added to database: 10/16/2025, 5:44:03 PM

Last enriched: 10/16/2025, 5:59:05 PM

Last updated: 10/19/2025, 7:19:05 AM

Views: 50

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats