The CVE-2025-22092 vulnerability in the PrestaShop Checkout module stems from an insufficient validation mechanism within its Express Checkout feature. The flaw exists in the component handling guest customer associations during a quick purchase. Specifically, the module fails to adequately verify if an email address provided during the checkout process is already associated with an existing customer account in the database. This allows an attacker to input the email address of a known, legitimate user. The system, instead of denying the action or requesting credentials, automatically and silently links the current guest checkout session to the existing customer account. Consequently, the attacker gains full access to the victim’s account for the duration of that session, enabling them to view personal information, order history, and potentially use stored payment methods without any authentication, resulting in a complete account takeover.
Platform: PrestaShop Checkout
Version: <4.4.1, 5.0.0-5.0.4
Vulnerability: Authentication Bypass
Severity: Critical
Date: 2024-10-16
Prediction: Patch Available
What Undercode Say:
```bash
git clone https://github.com/PrestaShopCorp/ps_checkout.git
cd ps_checkout
git diff v5.0.4 v5.0.5 -- modules/ps_checkout/src/Handler/
```
```php
// Code snippet highlighting the flawed logic
if ($customerExists) {
    // Patched version adds explicit authentication check here
    // $this->context->customer->login(); // This line was missing
}
```
How the Exploit Works:
1. Attacker initiates Express Checkout.
2. Inputs victim’s known email address.
3. System silently logs into victim’s account.
4. Attacker completes order as victim.
Protection from this CVE
Immediately upgrade the `ps_checkout` module to version 4.4.1 or 5.0.5. These patched versions introduce proper validation checks that prevent automatic account association without explicit authentication. For administrators unable to update immediately, a temporary mitigation is to disable the Express Checkout feature entirely via the module’s configuration in the PrestaShop back office until the patch can be applied.
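The silent association and the check the patch has to enforce, as an added illustration in plain PHP (not code from the ps_checkout module or from PrestaShop; CustomerStore, Session and both functions are hypothetical stand-ins for the module's handler, with a constructed one-row customer table):

```php
<?php
// Added example (not ps_checkout code): the guest-association step modelled as a
// vulnerable function beside a hardened one. CustomerStore and Session are
// hypothetical in-memory stand-ins; no PrestaShop classes are used.
declare(strict_types=1);
final class CustomerStore {
    // email => customer id (constructed sample data)
    private array $byEmail = ['alice@example.com' => 42];
    public function findIdByEmail(string $email): ?int {
        return $this->byEmail[strtolower(trim($email))] ?? null;
    }
}

final class Session {
    public ?int $customerId = null;      // account the checkout acts for
    public bool $authenticated = false;  // true only after a credential check
}

// Vulnerable pattern: a guest email that matches an existing account is
// silently bound to this session, so the guest now acts as that customer.
function associateGuestVulnerable(CustomerStore $store, Session $s, string $email): void {
    $id = $store->findIdByEmail($email);
    if ($id !== null) {
        $s->customerId = $id;
    }
}

// Hardened pattern: an existing account is bound only when the session has
// already authenticated as that account; a known email on an unauthenticated
// session is refused so the caller can demand a login instead.
function associateGuestHardened(CustomerStore $store, Session $s, string $email): bool {
    $id = $store->findIdByEmail($email);
    if ($id === null) {
        return true;   // new guest: continue without binding any account
    }
    if ($s->authenticated && $s->customerId === $id) {
        return true;   // already logged in as this customer
    }
    return false;      // existing account, no credentials: require login
}

$store = new CustomerStore();
$guest = new Session();
associateGuestVulnerable($store, $guest, 'Alice@example.com');
printf("vulnerable: bound customer = %s\n", var_export($guest->customerId, true));

$guest = new Session();
$ok = associateGuestHardened($store, $guest, 'alice@example.com');
printf("hardened: allowed = %s, bound customer = %s\n", var_export($ok, true), var_export($guest->customerId, true));
```

Whatever the caller does when the hardened function returns false, an unauthenticated session never receives an existing customer's id, which is the property the vulnerable handler failed to maintain.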
Impact:
Full account takeover, unauthorized access to personal data, exposure of order history, and potential misuse of saved payment methods. This vulnerability allows an attacker to compromise any customer account for which they know the email address, leading to significant privacy and financial consequences for users.
Sources:
Reported By: github.com