[HIGH] Magento has incorrect authorization issue that leads to arbitrary file system read

PKSA-48kk-sh8q-28n5 CVE-2025-49556 GHSA-7hrj-3c9x-xv5h

Affected package: magento/project-community-edition

Affected version: <=2.0.2

Reported by:
GitHub