CVE-2025-30151 Information

Description

Shopware is an open commerce platform. It’s possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4 corresponding security measures are also available via a plugin. For the full range of functions we recommend updating to the latest Shopware version.

Reference

https://github.com/shopware/shopware/security/advisories/GHSA-cgfj-hj93-rmh2