Improper Input Validation in Adobe Commerce Products
CVE-2025-54236

9.1 CRITICAL

Key Information:

Vendor: Adobe

CVE Published: 9 September 2025

Badges

👾 Exploit Exists
📰 News Worthy

What is CVE-2025-54236?

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation flaw. The vulnerability allows attackers to bypass security features, potentially leading to session takeover, and exploitation requires no user interaction. It threatens the confidentiality and integrity of affected systems, so businesses running these versions should apply the security updates promptly. For further details, refer to the official Adobe security advisory.

Affected Version(s)

Adobe Commerce 0 <= 2.4.4-p15

News Articles

Adobe patches critical SessionReaper flaw in Magento eCommerce platform

Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of 

7 hours ago

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved
