{"id":53425,"date":"2025-06-18T22:36:56","date_gmt":"2025-06-18T22:36:56","guid":{"rendered":""},"modified":"2025-07-07T23:52:42","modified_gmt":"2025-07-08T05:52:42","slug":"cve-2025-48446-incorrect-authorization-vulnerability-in-drupal-commerce-alphabank-redirect","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-48446-incorrect-authorization-vulnerability-in-drupal-commerce-alphabank-redirect\/","title":{"rendered":"CVE-2025-48446: Incorrect Authorization Vulnerability in Drupal Commerce Alphabank Redirect<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The CVE-2025-48446 vulnerability is an Incorrect Authorization vulnerability found in Drupal Commerce Alphabank Redirect. This vulnerability is of significant concern because it allows for Functionality Misuse, potentially leading to system compromise or data leakage. The affected versions of the software are from 0.0.0 through to 1.0.2, and any organization using these versions should take immediate action to mitigate the risk.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-48446
\nSeverity: High (8.8 CVSS score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: Successful exploitation of this vulnerability could result in unauthorized<\/a> functionality misuse, system compromise, or data leakage.<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n