GHSA-wh92-6q6g-px7j
GitHub Security Advisory
Magento Community Edition Improper Input Validation vulnerability
✓ GitHub Reviewed
CRITICAL
Has CVE
Advisory Details
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.
Affected Packages
Packagist
magento/community-edition
Affected versions: 0 (last affected: 2.4.5-p14)
Packagist
magento/community-edition
Affected versions: 2.4.6-p1 (last affected: 2.4.6-p12)
Packagist
magento/community-edition
Affected versions: 2.4.9-alpha1 (last affected: 2.4.9-alpha2)
Packagist
magento/community-edition
Affected versions: 2.4.7-beta1 (last affected: 2.4.7-p7)
Packagist
magento/community-edition
Affected versions: 2.4.8-beta1 (last affected: 2.4.8-p2)
Packagist
magento/project-community-edition
Affected versions: 0 (last affected: 2.0.2)
Related CVEs
Key Information
9.0/10
Dataset
Last updated: September 14, 2025 6:31 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.