ГлавнаяУязвимости → CVE-2025-54236
9.1критическая

CVE-2025-54236

Описание

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

Затрагиваемое ПО
Adobe CommerceAdobe Commerce b2bAdobe Magento
CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Источники
https://helpx.adobe.com/security/products/magento/apsb25-88.htmlhttps://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magentohttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236