CVE-2025-61922: CWE-287: Improper Authentication in PrestaShopCorp ps_checkout
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
AI Analysis
Technical Summary
CVE-2025-61922 is a critical security vulnerability classified under CWE-287 (Improper Authentication) found in the PrestaShopCorp ps_checkout module, which is the official payment module integrated with PayPal. The vulnerability exists in versions starting from 1.3.0 up to but excluding 4.4.1, and from 5.0.0 up to but excluding 5.0.5. The root cause is a missing validation step in the Express Checkout feature, which allows an attacker to bypass authentication controls and silently log into user accounts using only their email addresses. This silent login effectively enables account takeover without requiring user interaction, credentials, or elevated privileges. The vulnerability has a CVSS v3.1 score of 9.1, indicating critical severity, with an attack vector of network (remote), no required privileges, no user interaction, and high impact on confidentiality and integrity, but no impact on availability. The vulnerability was publicly disclosed on October 16, 2025, and no known exploits have been observed in the wild to date. The issue is resolved in versions 4.4.1 and 5.0.5 of the ps_checkout module. Due to the lack of workarounds, affected organizations must upgrade promptly to mitigate risk. The vulnerability poses a significant threat to e-commerce platforms using PrestaShop, potentially allowing attackers to hijack user accounts, manipulate orders, or commit fraud.
Potential Impact
For European organizations, especially those operating e-commerce platforms using PrestaShop with the vulnerable ps_checkout module, this vulnerability presents a severe risk. Account takeover can lead to unauthorized access to customer accounts, exposing sensitive personal and payment information, which violates GDPR and other data protection regulations. Attackers could manipulate orders, conduct fraudulent transactions, or steal customer data, damaging brand reputation and causing financial losses. The lack of user interaction and authentication requirements makes exploitation straightforward, increasing the likelihood of attacks. Given the widespread use of PrestaShop in Europe, particularly among small and medium-sized enterprises, the impact could be broad. Additionally, compromised accounts could be leveraged for further attacks or phishing campaigns targeting European customers. The critical severity and ease of exploitation necessitate urgent remediation to avoid regulatory penalties and operational disruption.
Mitigation Recommendations
The primary mitigation is to upgrade the ps_checkout module to version 4.4.1 or later (4.x branch) or 5.0.5 or later (5.x branch), where the vulnerability is patched. Organizations should audit their PrestaShop installations to identify affected module versions and prioritize patching. Although the vendor lists no workarounds, temporary measures such as disabling the Express Checkout feature could reduce exposure until the upgrade is applied, at the cost of user experience. Monitoring for unusual login activity or account behavior can help detect exploitation attempts. Enforcing multi-factor authentication (MFA) at the application or payment gateway level may add a security layer, although it may not fully prevent the silent logins caused by this vulnerability. Regularly reviewing access logs and integrating threat intelligence feeds for emerging exploit indicators is recommended. Finally, organizations should notify customers about potential risks and encourage vigilance against phishing or suspicious activity.
Affected Countries
France, Germany, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-10-03T22:21:59.615Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f12ee39f8a5dbaeaee601e
Added to database: 10/16/2025, 5:44:03 PM
Last enriched: 10/24/2025, 12:49:23 AM
Last updated: 12/4/2025, 1:27:28 PM
Views: 198