CVE-2025-54236
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-54236. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1Attack Vector Metrics
Impact Metrics
Description
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
Available Exploits
Related News
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of " the most severe" flaws in the history of the product. [...]
Affected Products
Affected Versions:
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: September 9, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: September 9, 2025, Modified: September 9, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
🔥 Top 10 Trending CVEs (10/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-54236](https://nvd.nist.gov/vuln/detail/CVE-2025-54236)** - 📝 Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session …
CVE-2025-54236: Falha crítica no Adobe Commerce (Magento)
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
[Urgent Patch] Critical Adobe Commerce Vulnerability (CVE-2025-54236) Allows for Customer Account Takeover Adobe has issued an emergency hotfix for a critical vulnerability (CVSS 9.1) in its Commerce platform. The flaw, dubbed "SessionReaper," could allow unauthenticated attackers to exploit the Commerce REST API to take control of customer accounts.
Action Required: Critical Security Update Available for Adobe Commerce (APSB25-88) - CVE-2025-54236: potential attacker could take over customer accounts through the Commerce REST API
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka... **CVEs:** CVE-2025-54236 **Source:** https://thehackernews.com/2025/09/adobe-commerce-flaw-cve-2025-54236-lets.html
Adobe patches critical SessionReaper flaw in Magento eCommerce platform Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of " the most severe" flaws in the history of the product. [...] **CVEs:** CVE-2025-54236 **Source:** https://www.bleepingcomputer.com/news/security/adobe-patches-critical-sessionreaper-flaw-in-magento-ecommerce-platform/