CVE Details
Basic Information
| Title | Race Condition in Shopware Voucher Submission |
|---|---|
| Type | cve |
| Published | 2025-08-06T07:16:09.712Z |
| Modified | 2025-08-06T07:22:17.134Z |
Product Information
| Vendor | Shopware |
|---|---|
| Product | Shopware |
| Version | 6.6.x |
CVSS Information
| Base Score | 6.0 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:N |
AI Analysis
| AI Description | A race condition in Shopware’s voucher system allows attackers to bypass voucher restrictions and exceed usage limits. This could lead to unauthorized use of vouchers, potentially causing financial or operational impacts. The vulnerability is specific to versions 6.6.x and 6.7.x of Shopware. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Shopware |
| AI Product | Shopware |
| AI Version | 6.6.x, 6.7.x |
Affected Products
- Shopware Shopware 6.6.x
- Shopware Shopware 6.7.x
Additional Information
| CWE List | CWE-362 |
|---|---|
| Source | SEC-VLab |
Description
A race condition vulnerability has been identified in Shopware’s voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations.