
CVE-2025-61924: CWE-184: Incomplete List of Disallowed Inputs in PrestaShopCorp ps_checkout

Severity: Low
Tags: Vulnerability, CVE-2025-61924, CWE-184
Published: Thu Oct 16 2025 (10/16/2025, 17:33:49 UTC)
Source: CVE Database V5
Vendor/Project: PrestaShopCorp
Product: ps_checkout

Description

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the target PayPal merchant account can be hijacked from the back office due to wrong usage of the PHP array_search() function. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.

AI-Powered Analysis

AI analysis last updated: 10/16/2025, 17:59:32 UTC

Technical Analysis

CVE-2025-61924 is a vulnerability identified in the PrestaShop official payment module, ps_checkout, which integrates PayPal payment processing. The issue stems from an incomplete list of disallowed inputs due to incorrect usage of PHP's array_search() function within the module's code. Specifically, this improper input validation allows an attacker with backoffice access—meaning someone with administrative privileges on the PrestaShop backend—to manipulate the PayPal merchant account configuration. By exploiting this flaw, the attacker can hijack the merchant account, potentially redirecting payments or intercepting funds. The vulnerability affects ps_checkout versions prior to 4.4.1 and versions from 5.0.0 up to but not including 5.0.5. The flaw is categorized under CWE-184 (Incomplete List of Disallowed Inputs), which indicates insufficient filtering or validation of input data. The vulnerability does not require user interaction but does require high privileges, limiting the attack surface to insiders or compromised administrative accounts. The CVSS 3.1 base score is 3.8, reflecting low severity due to the privilege requirement and limited impact scope. No known exploits have been reported in the wild, and no workarounds exist other than upgrading to the patched versions 4.4.1 or 5.0.5. This vulnerability primarily threatens the confidentiality and integrity of payment processing data, risking financial fraud and loss of merchant trust.
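The advisory says only that array_search() was used incorrectly; it does not say which of its pitfalls was hit. The following PHP snippet is an added illustration, not code from ps_checkout, and every identifier in it (DENIED_MERCHANT_IDS, the isAllowed*/isDenied* functions, the sample ids) is hypothetical. It shows the two classic ways an array_search()-based disallow-list check ends up incomplete, and the strict form that reviewers should expect in a fix.

```php
<?php
// Added illustration, not code from ps_checkout. All names are hypothetical.
// Shows why a disallow-list check built on array_search() can let an entry
// through, and the strict form that does not.

declare(strict_types=1);

// Constructed deny list; note that the first denied id sits at array index 0.
const DENIED_MERCHANT_IDS = ['MERCHANT-BLOCKED-A', 'MERCHANT-BLOCKED-B', '10'];

// Pitfall 1: array_search() returns the matching KEY, and key 0 is falsy.
// The entry at index 0 is therefore treated as "not found" by the ! test.
function isAllowedBuggyFalsy(string $merchantId): bool
{
    if (!array_search($merchantId, DENIED_MERCHANT_IDS)) {
        return true;   // 'MERCHANT-BLOCKED-A' (index 0) ends up here
    }
    return false;
}

// Pitfall 2: without the third argument array_search() compares with ==.
// Numeric strings are then compared numerically, so '1e1' matches '10'
// even though '1e1' is not literally on the list. The list as checked no
// longer describes the inputs the author intended (CWE-184 territory).
function isDeniedBuggyLoose(string $merchantId): bool
{
    return array_search($merchantId, DENIED_MERCHANT_IDS) !== false;
}

// Hardened form: strict comparison (third argument true) and an explicit
// test against false, so index 0 is a hit and only identical strings match.
function isAllowedStrict(string $merchantId): bool
{
    return array_search($merchantId, DENIED_MERCHANT_IDS, true) === false;
}

// Equivalent and clearer when the key itself is not needed.
function isAllowedInArray(string $merchantId): bool
{
    return !in_array($merchantId, DENIED_MERCHANT_IDS, true);
}

// Walk constructed cases; results for each column are noted in the comments.
$cases = ['MERCHANT-BLOCKED-A', 'MERCHANT-BLOCKED-B', '1e1', 'MERCHANT-OK'];
foreach ($cases as $id) {
    printf(
        "%-20s buggyFalsy=%s buggyLoose=%s strict=%s in_array=%s\n",
        $id,
        var_export(isAllowedBuggyFalsy($id), true), // A: true (wrong), B: false, 1e1: false, OK: true
        var_export(isDeniedBuggyLoose($id), true),  // A: true, B: true, 1e1: true (wrong), OK: false
        var_export(isAllowedStrict($id), true),     // A: false, B: false, 1e1: true, OK: true
        var_export(isAllowedInArray($id), true)     // same as strict
    );
}
```

When auditing a module for this class of bug, grep for array_search() and in_array() calls that omit the third argument or that negate the result with ! rather than comparing it to false; either pattern is enough to make a block list silently incomplete.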

Potential Impact

For European organizations, especially e-commerce businesses using PrestaShop with the ps_checkout module, this vulnerability poses a risk of financial fraud through merchant account hijacking. An attacker with backoffice access could redirect payments or manipulate transaction data, leading to direct financial losses and reputational damage. Given the widespread use of PrestaShop in Europe, particularly among small and medium-sized enterprises (SMEs) in countries with strong e-commerce sectors like Germany, France, Spain, and Italy, the impact could be significant if exploited. The vulnerability does not affect availability, so operational disruption is unlikely, but the breach of payment integrity could lead to regulatory scrutiny under GDPR due to potential unauthorized access to payment-related personal data. The requirement for high privileges limits the threat to insiders or attackers who have already compromised administrative credentials, emphasizing the importance of strong access controls and monitoring.

Mitigation Recommendations

European organizations should immediately verify their ps_checkout module version and upgrade to version 4.4.1 or 5.0.5 or later to remediate the vulnerability. Since no workarounds exist, patching is the only effective mitigation. Additionally, organizations should enforce strict access controls on backoffice accounts, including multi-factor authentication (MFA) for administrative users, to reduce the risk of credential compromise. Regular auditing and monitoring of backoffice activities can help detect unauthorized changes to payment configurations. Implementing role-based access control (RBAC) to limit the number of users with merchant account modification privileges is advisable. Organizations should also review logs for suspicious activity related to payment settings and consider isolating payment configuration functions to minimize exposure. Finally, educating staff about phishing and credential security can reduce the risk of initial compromise.


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-10-03T22:21:59.615Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68f12ee39f8a5dbaeaee6015

Added to database: 10/16/2025, 5:44:03 PM

Last enriched: 10/16/2025, 5:59:32 PM

Last updated: 10/19/2025, 10:45:30 AM


