Description

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1.

INFO

Published Date :

2026-02-04T21:21:56.414Z

Last Modified :

2026-02-04T21:40:35.514Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25523 vulnerability.

Vendors Products
Openmage
  • Magento
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25523.

URL Resource
https://github.com/OpenMage/magento-lts/security/advisories/GHSA-jg68-vhv3-9r8f cve-icon cve-icon
https://hackerone.com/bugs?subject=openmage&report_id=3416312 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact