Platform: php
Component: prestashop/ps_checkout
Fixed in: 1.3.1, 5.0.1, 4.4.1
CVE-2025-61922 is a critical vulnerability affecting the ps_checkout module in PrestaShop. It allows a silent login through the Express Checkout feature, potentially granting attackers unauthorized access to user accounts and sensitive data. The vulnerability impacts PrestaShop versions 1.3.0 and earlier, with fixes released in versions 4.4.1 and 5.0.5 for PrestaShop 1.7, 8, and 9.
The core of this vulnerability lies in the lack of proper validation within the Express Checkout functionality of the ps_checkout module. An attacker can exploit this by crafting a malicious request that bypasses authentication checks, effectively logging in as another user without their knowledge or consent. This silent log-in grants the attacker full access to the affected user's account, enabling them to modify personal information, place fraudulent orders, access payment details, and potentially compromise other connected systems. The potential blast radius extends to all users who utilize the Express Checkout feature in vulnerable PrestaShop installations, particularly those with administrative privileges.
CVE-2025-61922 was publicly disclosed on October 16, 2025. While no active exploitation campaigns have been publicly confirmed, the critical severity and ease of exploitation suggest a high probability of exploitation. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code may emerge, increasing the risk of widespread exploitation.
Exploit Status
EPSS: 0.01% (3rd percentile)
The primary mitigation for CVE-2025-61922 is to immediately upgrade the ps_checkout module to version 4.4.1 or later, or to PrestaShop versions 7.4.4.1, 8.4.4.1, 7.5.0.5, 8.5.0.5, or 9.5.0.5. If upgrading is not immediately feasible, consider temporarily disabling the Express Checkout feature to prevent exploitation. A Web Application Firewall (WAF) configured to inspect and filter HTTP requests can be deployed to block malicious payloads targeting the Express Checkout endpoint. Review PrestaShop's security best practices and ensure all other modules are up to date to minimize the overall attack surface. After upgrading, confirm the vulnerability is resolved by attempting an Express Checkout with a test user account and verifying that authentication is properly enforced.
Update the ps_checkout module to version 4.4.1 or higher, or to version 5.0.5 or higher. This will correct the validation bypass vulnerability in the Express Checkout feature that allows account takeover via email. The update can be performed through the PrestaShop administration panel.
CVE-2025-61922 is a critical vulnerability in the PrestaShop ps_checkout module that allows attackers to silently log in users without authentication, potentially gaining unauthorized access.
You are affected if you are running PrestaShop with the ps_checkout module version 3.0.2 or earlier. Upgrade to a patched version to mitigate the risk.
Upgrade the ps_checkout module to version 4.4.1 or later, or upgrade to PrestaShop versions 7.4.4.1, 8.4.4.1, 7.5.0.5, 8.5.0.5, or 9.5.0.5.
While no active exploitation campaigns have been publicly confirmed, the critical severity suggests a high probability of exploitation.
Refer to the official PrestaShop security advisory for detailed information and updates: [https://security.prestashop.com/](https://security.prestashop.com/)