Description

Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of `accountRegister` may result in errors that could unintentionally reveal whether a user with the provided email already exists in Saleor. Version 3.21.16 fixes the issue. As a workaround, rate-limit the mutation to reduce the impact.

INFO

Published Date :

2025-09-09T19:46:45.798Z

Last Modified :

2025-09-10T13:50:40.777Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58442 vulnerability.

Vendors Products
Saleor
  • Saleor
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58442.

URL Resource
https://github.com/saleor/saleor/commit/09d671e91ea53a44352d5f685083dc05a2f55e95 cve-icon cve-icon
https://github.com/saleor/saleor/commit/b35783838e51cfc118e07d632f64b01bc3a2c4bb cve-icon cve-icon
https://github.com/saleor/saleor/releases/tag/3.21.16 cve-icon cve-icon
https://github.com/saleor/saleor/security/advisories/GHSA-8w67-mfm5-fwx5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact