Platform: php
Component: prestashop/ps_checkout
Fixed in: 1.3.1, 4.4.1, 5.0.1
CVE-2025-61922 is a critical vulnerability in ps_checkout (PrestaShop Checkout), the payment module for PrestaShop. Its Express Checkout feature allows a silent log-in: a crafted request establishes a customer session without the customer's credentials, giving the attacker access to that customer's account and the data in it. The fixed module releases are 1.3.1, 4.4.1 and 5.0.1; earlier releases in each of those branches are affected. The module is distributed for PrestaShop 1.7, 8 and 9, so the relevant version is that of the module, not of PrestaShop itself.
The root cause is missing validation in the Express Checkout flow of ps_checkout. The fix description on this page refers to account takeover via e-mail, i.e. Express Checkout accepted the identity it was handed (the customer's e-mail address) instead of requiring an authenticated session, so an attacker could be logged in as another customer without that customer's knowledge or consent. A logged-in session gives the attacker everything the customer can do in the front office: change personal data and addresses, view order history, place orders and manipulate the checkout. The blast radius is every customer account of an affected shop, since the Express Checkout feature is exposed to unauthenticated visitors; PrestaShop back-office (employee) accounts are a separate authentication system and are not what this flaw logs in to.
CVE-2025-61922 was publicly disclosed on October 16, 2025. No exploitation in the wild has been publicly confirmed, the vulnerability is not listed in CISA KEV, and its EPSS score is low (0.01%, 3rd percentile). That said, an authentication bypass in a customer-facing checkout flow is cheap to automate once a public proof of concept appears, so treat it as a patch-now item rather than waiting for exploitation reports.
Affected are PrestaShop shops running ps_checkout at a version below 1.3.1, 4.4.1 or 5.0.1 in their respective branch. Exposure is highest for shops that have the Express Checkout feature enabled, since that is the flow carrying the flaw; shops with the module installed but Express Checkout switched off still need the update, because the feature can be re-enabled at any time.
Detection:
• php: Check whether the ps_checkout module is present in the PrestaShop modules directory (the path is the one used on this page; adjust it to your install).
find /var/www/prestashop/modules/ -maxdepth 1 -name 'ps_checkout' -print
• php: Read the installed module version from the module's own config.xml. Note that config/defines.inc.php holds the PrestaShop core version (_PS_VERSION_), not the module version, so grepping it for ps_checkout tells you nothing.
grep '<version>' /var/www/prestashop/modules/ps_checkout/config.xml
• generic web: Monitor the web server access logs for requests to the ps_checkout front controllers used by Express Checkout, in particular POST requests followed by account activity (address changes, orders) from the same client without a preceding password log-in.
• generic web: Review the PrestaShop logs (Advanced Parameters > Logs in the back office) and the PHP error log for authentication errors or errors raised by ps_checkout.
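As an added example (not code from this page or from PrestaShop), the following POSIX shell script turns the version check above into a pass/fail decision. It reads the `<version>` element that PrestaShop modules ship in their `config.xml`, compares it field by field against the fixed release of the same branch listed on this page (1.3.1, 4.4.1, 5.0.1), and reports branches this page lists no fix for as unknown rather than silently treating them as safe. The module path and the embedded `config.xml` are assumptions/constructed for a stand-alone run.

```shell
#!/bin/sh
# Added example, not from the page or from PrestaShop: decide whether an installed
# ps_checkout module is older than the fixed release of its branch (1.3.1, 4.4.1,
# 5.0.1 as listed in this advisory). The module path is an assumption for your shop.

# Print the version string from a module's config.xml (PrestaShop modules ship
# <version><![CDATA[x.y.z]]></version>); first match only.
ps_checkout_version() {
    sed -n 's/.*<version>\(<!\[CDATA\[\)\{0,1\}\([0-9][0-9.]*\).*/\2/p' "$1" | head -n 1
}

# Field-wise numeric compare of dotted versions; exit 0 when $1 >= $2.
# (Plain string comparison would call 4.4.10 older than 4.4.1.)
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p > q) exit 0
            if (p < q) exit 1
        }
        exit 0
    }'
}

# Fixed release for the module branch (major number) per this advisory; empty
# for branches the page lists no fix for, so they are reported, not assumed safe.
fixed_for_branch() {
    case "${1%%.*}" in
        1) echo 1.3.1 ;;
        4) echo 4.4.1 ;;
        5) echo 5.0.1 ;;
        *) echo "" ;;
    esac
}

# Classify a version string as vulnerable, patched or unknown-branch.
ps_checkout_status() {
    fixed=$(fixed_for_branch "$1")
    if [ -z "$fixed" ]; then
        echo unknown-branch
    elif version_ge "$1" "$fixed"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Stand-alone demo on a constructed config.xml (not from a real shop).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
<?xml version="1.0" encoding="UTF-8" ?>
<module>
    <name>ps_checkout</name>
    <displayName><![CDATA[PrestaShop Checkout]]></displayName>
    <version><![CDATA[4.3.0]]></version>
</module>
EOF
    v=$(ps_checkout_version "$tmp")
    rm -f "$tmp"
    echo "$v $(ps_checkout_status "$v")"
}

# Real use on a shop (path is an assumption):
# ps_checkout_status "$(ps_checkout_version /var/www/prestashop/modules/ps_checkout/config.xml)"
```

Run `demo` to see the constructed sample classified as `4.3.0 vulnerable`; on a shop, feed the real `config.xml` path to `ps_checkout_version` and pass the result to `ps_checkout_status`. An `unknown-branch` result (for example a 2.x or 3.x module) means this page lists no fixed release for that branch, so consult the vendor advisory rather than assuming it is safe.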
Disclosure: October 16, 2025
Exploit status: no public exploitation confirmed; not listed in CISA KEV
EPSS: 0.01% (3rd percentile)
The primary mitigation for CVE-2025-61922 is to upgrade the ps_checkout module to the fixed release of the branch your shop runs: 1.3.1, 4.4.1 or 5.0.1, or later. The fix is in the module, not in PrestaShop core, so updating PrestaShop alone does not resolve it. If the upgrade cannot be done immediately, disable the Express Checkout feature in the module's settings until it can; this removes the vulnerable flow from the front office. A Web Application Firewall can additionally be used to restrict or rate-limit requests to the module's Express Checkout endpoints, but treat that as a stop-gap, not a fix. Keep the other modules current as well to limit the overall attack surface. After upgrading, confirm the installed module version from the module's config.xml, then verify with a test customer account that completing an Express Checkout no longer results in a logged-in session for an account whose credentials were not presented.
Update the ps_checkout module to version 1.3.1, 4.4.1 or 5.0.1 or later for your branch. This corrects the missing validation in the Express Checkout feature that made account takeover via e-mail address possible. The update can be performed from the PrestaShop administration panel.
CVE-2025-61922 is a critical vulnerability in the PrestaShop ps_checkout module that lets an attacker obtain a logged-in customer session through Express Checkout without that customer's credentials.
You are affected if you run PrestaShop with a ps_checkout module version below 1.3.1, 4.4.1 or 5.0.1 in its branch. Upgrade to the fixed release to mitigate the risk.
Upgrade the ps_checkout module to version 1.3.1, 4.4.1 or 5.0.1 or later for the branch you run; the fix is in the module, not in PrestaShop core.
No exploitation in the wild has been publicly confirmed and the EPSS score is low, but an unauthenticated log-in bypass in a checkout flow should be patched without waiting for exploitation reports.
Refer to the official PrestaShop security advisory for detailed information and updates: [https://security.prestashop.com/](https://security.prestashop.com/)