
We found results for “”
CVE-2025-54236
Good to know:


Date: September 9, 2025
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Input Validation
CWE-20Top Fix

Upgrade Version
Upgrade to version magento/community-edition - 2.4.8-p1;magento/community-edition - null;magento/community-edition - null;magento/community-edition - null;magento/community-edition - null;magento/community-edition - null;magento/community-edition - null
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | NONE |