CVE-2025-54236

Critical KEV CVSS: 9.1

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

Vendor

Adobe

Product

Commerce

CWE

CWE-20

Yayın Tarihi

2025-09-09 14:15:46

Güncelleme

2026-04-06 13:00:02

Source Identifier

psirt@adobe.com

KEV Date Added

2025-10-24

Kategoriler

CWE-20 Commerce CRITICAL Adobe 2025

Referanslar

https://helpx.adobe.com/security/products/magento/apsb25-88.html https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236

Benzer Kayıtlar

High

CVE-2026-27309

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbi…

High

CVE-2026-21361

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a…

Medium

CVE-2026-21360

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an…

Medium

CVE-2026-21359

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an…

High

CVE-2026-21311

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a…

Medium

CVE-2026-21310

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an…