CVE-2025-30151

Summary

Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

Affected Software

VendorProductVersion RangeStatus
shopwareshopware< 6.5.8.17affected
shopwareshopware>= 6.6.0.0, < 6.6.10.3affected
shopwareshopware>= 6.7.0.0-rc1, < 6.7.0.0-rc2affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References