Vulnerability in Shopware

CVE-2025-30150

Shopware 6 is an open commerce platform based on the Symfony Framework and Vue. Through the store-api, an attacker can check whether a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/accoun…

EPSS: 0.003 (26.5th percentile).

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

  • Shopware — versions >= 6.7.0.0-rc1, < 6.7.0.0-rc2, < 6.5.8.17, 6.7.0.0

Frequently asked questions

What is CVE-2025-30150?
CVE-2025-30150 is a medium-severity vulnerability in Shopware, classified under Observable Response Discrepancy. CVSS score: 5.3/10. Published 2025-04-08.
How severe is CVE-2025-30150?
Medium severity. CVSS v3 base score is 5.3 out of 10.