Magento 2.4.8-p1 Security Patch – What You Need to Know
On June 11, 2025, Adobe released Magento 2.4.8-p1 — a critical security patch designed to address several vulnerabilities and enhance platform stability. If you're running Adobe Commerce 2.4.8, this patch is a must-have to keep your store secure and performant.
Highlights of Magento 2.4.8-p1
- API Performance Enhancement: Fixes the performance degradation caused by bulk asynchronous web API endpoints introduced in earlier patches.
- CMS Blocks Access Fix: Admin users with limited roles (like merchandising-only access) can now view the CMS Blocks page without errors.
- Cookie Limit Compatibility: Fixes issues with the MAX_NUM_COOKIES constant, restoring compatibility for extensions relying on cookie limits.
- Async Operation Restrictions: Restricts overwriting of previous customer orders via async operations to prevent misuse.
- Security Fixes:
  - CVE-2025-47110: Resolves vulnerabilities in email templates that could be exploited in specific scenarios.
  - VULN-31547: Fixes a vulnerability related to canonical links in category pages.
Why You Should Upgrade
Security patches like 2.4.8-p1 are essential to maintaining PCI compliance and ensuring your customer data remains protected. With improved performance and restored compatibility, this patch also helps developers avoid regressions introduced by earlier updates.
How to Upgrade
Use Composer to apply the patch in your staging environment first. Always back up your database and codebase before proceeding with updates.
    composer require magento/product-community-edition 2.4.8-p1 --no-update
    composer update
    bin/magento setup:upgrade
    bin/magento cache:flush
Don’t forget to test all core functionalities, especially custom integrations and B2B modules.
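A check to run after the commands above, added here as an example (not Adobe's code or the original post's): `composer require --no-update` only edits composer.json, so the patch is in place only once `composer update` has rewritten composer.lock. The script reads the locked version of the product metapackage; the enterprise package name, the status strings and the sample lock contents are assumptions made for this example.

```python
import json
import re

# Metapackages whose locked version identifies the installed release.
# Community edition is the one used in the commands above; the enterprise
# name is an assumption for Adobe Commerce installs.
PRODUCT_PACKAGES = (
    "magento/product-community-edition",
    "magento/product-enterprise-edition",
)

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_version(text):
    """Split '2.4.8-p1' into ((2, 4, 8), 1); no -pN suffix counts as patch 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Magento version: {text!r}")
    major, minor, fix, patch = m.groups()
    return (int(major), int(minor), int(fix)), int(patch or 0)


def check_lock(lock_text, required="2.4.8-p1"):
    """Return (status, locked_version) for the contents of a composer.lock."""
    req_base, req_patch = parse_version(required)
    for pkg in json.loads(lock_text).get("packages", []):
        if pkg.get("name") in PRODUCT_PACKAGES:
            base, patch = parse_version(pkg["version"])
            if base != req_base:
                # Not on the 2.4.8 line: this check does not apply.
                return "different-release-line", pkg["version"]
            status = "patched" if patch >= req_patch else "needs-patch"
            return status, pkg["version"]
    return "product-package-not-found", None


# Constructed sample: a lock file left behind when `composer update`
# was skipped after `composer require ... --no-update`.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "example/other-package", "version": "1.0.0"},
    {"name": "magento/product-community-edition", "version": "2.4.8"},
]})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

Against a real project, pass the contents of the composer.lock in the Magento root to `check_lock` on staging before promoting the build.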
Need help upgrading or testing your Magento store? Mavenbird offers expert Magento upgrade and maintenance services. Contact us today.