What is CVE-2025-61924?

### Impact Wrong usage of the PHP `array_search()` allows bypass of validation. ### Patches The problem has been patched in versions: - v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1) - v4.4.1 for PrestaShop 8 (build number: 8.4.4.1) - v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5) - v5.0.5 for PrestaShop 8 (build number: 8.5.0.5) - v5.0.5 for PrestaShop 9 (build number: 9.5.0.5) Read the [Versioning policy](https://github.com/PrestaShopCorp/ps_checkout/wiki/Versioning) to learn more about the build number. ### Credits [Léo CUNÉAZ](https://github.com/inem0o) reported this issue.

What is the severity of CVE-2025-61924?

CVE-2025-61924 has a CVSS v3 score of 3.8, which is classified as Low severity.

Is there an exploit available for CVE-2025-61924?

No known public exploits are currently available for CVE-2025-61924.

Is there a patch available for CVE-2025-61924?

Yes, patches are available for CVE-2025-61924. Check the vendor advisories for update instructions.

CVE-2025-61924 - CVE Details, Severity, and Analysis

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Severity Scores

CVSS v33.8

CVSS v20.0

Priority Score86.0

EPSS Score0.0

Low

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

3.8

CVSS

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Impact

Wrong usage of the PHP array_search() allows bypass of validation.

Patches

The problem has been patched in versions:

v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1)
v4.4.1 for PrestaShop 8 (build number: 8.4.4.1)
v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5)
v5.0.5 for PrestaShop 8 (build number: 8.5.0.5)
v5.0.5 for PrestaShop 9 (build number: 9.5.0.5)

Read the Versioning policy to learn more about the build number.

Credits

Léo CUNÉAZ reported this issue.

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:High

User Interaction:Network

Scope:Unchanged

Confidentiality:Local

Integrity:Local

Availability:Network

Patch References

Security [email protected]

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Prestashop	Prestashop Checkout

CVE-2025-61924 - CVE Details, Severity, and Analysis | Strobes VI