CVE-2025-30151

Shopware allows Denial Of Service via password length

Description

Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

INFO

Published Date :

2025-04-08T13:46:30.629Z

Last Modified :

2025-04-08T18:47:54.011Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-30151 vulnerability.

Vendors	Products
Shopware	Shopware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-30151.

URL	Resource
https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact