CVE-2025-61922: CWE-287: Improper Authentication in PrestaShopCorp ps_checkout
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
AI Analysis
Technical Summary
CVE-2025-61922 is an improper authentication vulnerability (CWE-287) in ps_checkout, the official PrestaShop payment module developed in partnership with PayPal. The vulnerability exists in versions prior to 4.4.1 and between 5.0.0 and 5.0.5. It arises from missing validation checks in the Express Checkout feature, which allow an attacker to perform a silent login without presenting valid credentials. An attacker who knows only the victim's email address can take over the account, bypassing the normal authentication mechanisms. This silent login compromises the confidentiality and integrity of user accounts and can expose personal and payment information or enable fraudulent transactions. The vulnerability is remotely exploitable without user interaction or prior privileges, which raises its risk profile. No exploits have been observed in the wild yet, but the CVSS score of 9.1 reflects the critical severity of the flaw. The vendor fixed the issue in versions 4.4.1 and 5.0.5; no workarounds are available, so patching is the only effective mitigation.
Potential Impact
For European organizations, especially those operating e-commerce platforms using PrestaShop with the vulnerable ps_checkout module, this vulnerability poses a severe risk. Attackers can silently hijack customer accounts, leading to unauthorized access to personal and payment data, fraudulent orders, and financial losses. The breach of customer trust and potential regulatory penalties under GDPR for failing to protect personal data could have significant reputational and legal consequences. Since PrestaShop is widely used across Europe, particularly in countries with strong e-commerce sectors such as Germany, France, the UK, Spain, and Italy, the impact could be widespread. The vulnerability's ease of exploitation and lack of required authentication or user interaction increase the likelihood of targeted attacks or automated exploitation attempts. Additionally, compromised accounts could be leveraged for further attacks, including phishing or fraud campaigns, amplifying the threat.
Mitigation Recommendations
The only complete fix is to upgrade the ps_checkout module to version 4.4.1 or 5.0.5 or later, where the vulnerability is corrected. Organizations should immediately inventory their PrestaShop installations, identify affected module versions, and prioritize patching. Because no vendor workaround exists, temporary measures such as disabling the Express Checkout feature may reduce exposure, but at a cost to business operations and user experience. Monitoring logs for unusual login patterns or account activity related to Express Checkout is recommended to detect exploitation attempts. Enabling multi-factor authentication (MFA) on user accounts, where supported, adds a further layer of defense. Organizations should also review and tighten access controls and run user awareness campaigns to limit the damage from compromised accounts. Finally, regular backups and incident response readiness help contain the impact if exploitation does occur.
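To support the inventory step above, the following added example (not part of the advisory or of the ps_checkout project) checks an installed module version against the affected ranges the advisory states: 1.3.0 up to but excluding 4.4.1, and 5.0.0 up to but excluding 5.0.5. It assumes, as PrestaShop modules generally do, that the installed version is recorded in a `<version>` element of the module's `config.xml`; the sample XML is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges from the advisory as (inclusive start, exclusive end).
# 4.x releases at or above 4.4.1 and 5.x releases at or above 5.0.5 are fixed.
AFFECTED_RANGES = (
    ((1, 3, 0), (4, 4, 1)),
    ((5, 0, 0), (5, 0, 5)),
)


def parse_version(version: str) -> tuple:
    """Turn '4.4.0', 'v5.0.3' or '4.4.1-beta' into a 3-tuple of ints.
    Pre-release suffixes are dropped, so review such versions by hand."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unparseable version string: {version!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return (parts + (0, 0, 0))[:3]


def is_affected(version: str) -> bool:
    """True if the version lies inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(start <= v < end for start, end in AFFECTED_RANGES)


def version_from_config_xml(xml_text: str) -> str:
    """Extract the <version> element from a PrestaShop module config.xml.
    Assumption: modules/ps_checkout/config.xml carries the installed version."""
    root = ET.fromstring(xml_text)
    node = root.find("version")
    if node is None or not node.text:
        raise ValueError("no <version> element in config.xml")
    return node.text.strip()


# Constructed sample config.xml; not taken from a real installation.
SAMPLE_CONFIG_XML = """<?xml version="1.0" encoding="UTF-8" ?>
<module>
    <name>ps_checkout</name>
    <displayName><![CDATA[PrestaShop Checkout]]></displayName>
    <version><![CDATA[4.3.2]]></version>
</module>"""

if __name__ == "__main__":
    installed = version_from_config_xml(SAMPLE_CONFIG_XML)
    verdict = "AFFECTED, upgrade to 4.4.1 / 5.0.5 or later" if is_affected(installed) else "not affected"
    print(f"ps_checkout {installed}: {verdict}")
```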
Affected Countries
Germany, France, United Kingdom, Spain, Italy, Netherlands, Belgium, Poland, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-10-03T22:21:59.615Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f12ee39f8a5dbaeaee601e
Added to database: 10/16/2025, 5:44:03 PM
Last enriched: 10/16/2025, 5:59:05 PM
Last updated: 10/19/2025, 7:19:05 AM