Vulnerability in Prestashop Prestashop_checkout

CVE-2025-61924

PrestaShop Checkout is the official PrestaShop payment module, developed in partnership with PayPal. Versions prior to 4.4.1 and 5.0.5 allow hijacking of the target PayPal merchant account from the backoffice due to incorrect usage of the PHP array_search() function. The…

EPSS: 0.002 (15.6th percentile).

CVSS v3 metric

CVSS v3 base score 3.8 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N.

Frequently asked questions

What is CVE-2025-61924?
CVE-2025-61924 is a low-severity vulnerability in Prestashop Prestashop_checkout, classified under Incomplete List of Disallowed Inputs. CVSS score: 3.8/10. Published 2025-10-16.

How severe is CVE-2025-61924?
Low severity. CVSS v3 base score is 3.8 out of 10.