CVE-2025-54236
CRITICAL | CISA KEV | 9.1
Description
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.
CVE details
CVSS v3.1 score: 9.1
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 9/9/2025
Last modified: 5/5/2026
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Adobe
Product: Commerce and Magento
Vulnerability name: Adobe Commerce and Magento Improper Input Validation Vulnerability
Date added to KEV: 2025-10-24
Remediation due date: 2025-11-14
Ransomware use: Unknown
Affected products
adobe:commerce, adobe:commerce_b2b, adobe:magento
Weaknesses (CWE)
CWE-20
References
https://helpx.adobe.com/security/products/magento/apsb25-88.html (psirt@adobe.com)
https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.