CVE-2025-54236 | THREATINT

Description

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

PUBLISHED Reserved 2025-07-17 | Published 2025-09-09 | Updated 2025-10-24 | Assigner adobe

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA Known Exploited Vulnerability

Date added 2025-10-24 | Due date 2025-11-14

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

Improper Input Validation (CWE-20)

Product status

Default status

affected

Any version

affected

References

helpx.adobe.com/security/products/magento/apsb25-88.html vendor-advisory

cve.org (CVE-2025-54236)

nvd.nist.gov (CVE-2025-54236)

Download JSON