CVE-2025-54236

Media report

EPSS 0.33%
Published 09.09.2025 13:20:17
Last modified 22.09.2025 18:15:43
Source psirt@adobe.com
Teams watchlist Login
Open Login

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Commerce Version2.4.4 Update-

Adobe ≫ Commerce Version2.4.4 Updatep1

Adobe ≫ Commerce Version2.4.4 Updatep10

Adobe ≫ Commerce Version2.4.4 Updatep11

Adobe ≫ Commerce Version2.4.4 Updatep12

Adobe ≫ Commerce Version2.4.4 Updatep13

Adobe ≫ Commerce Version2.4.4 Updatep14

Adobe ≫ Commerce Version2.4.4 Updatep15

Adobe ≫ Commerce Version2.4.4 Updatep2

Adobe ≫ Commerce Version2.4.4 Updatep3

Adobe ≫ Commerce Version2.4.4 Updatep4

Adobe ≫ Commerce Version2.4.4 Updatep5

Adobe ≫ Commerce Version2.4.4 Updatep6

Adobe ≫ Commerce Version2.4.4 Updatep7

Adobe ≫ Commerce Version2.4.4 Updatep8

Adobe ≫ Commerce Version2.4.4 Updatep9

Adobe ≫ Commerce Version2.4.5 Update-

Adobe ≫ Commerce Version2.4.5 Updatep1

Adobe ≫ Commerce Version2.4.5 Updatep10

Adobe ≫ Commerce Version2.4.5 Updatep11

Adobe ≫ Commerce Version2.4.5 Updatep12

Adobe ≫ Commerce Version2.4.5 Updatep13

Adobe ≫ Commerce Version2.4.5 Updatep14

Adobe ≫ Commerce Version2.4.5 Updatep2

Adobe ≫ Commerce Version2.4.5 Updatep3

Adobe ≫ Commerce Version2.4.5 Updatep4

Adobe ≫ Commerce Version2.4.5 Updatep5

Adobe ≫ Commerce Version2.4.5 Updatep6

Adobe ≫ Commerce Version2.4.5 Updatep7

Adobe ≫ Commerce Version2.4.5 Updatep8

Adobe ≫ Commerce Version2.4.5 Updatep9

Adobe ≫ Commerce Version2.4.6 Update-

Adobe ≫ Commerce Version2.4.6 Updatep1

Adobe ≫ Commerce Version2.4.6 Updatep10

Adobe ≫ Commerce Version2.4.6 Updatep11

Adobe ≫ Commerce Version2.4.6 Updatep12

Adobe ≫ Commerce Version2.4.6 Updatep2

Adobe ≫ Commerce Version2.4.6 Updatep3

Adobe ≫ Commerce Version2.4.6 Updatep4

Adobe ≫ Commerce Version2.4.6 Updatep5

Adobe ≫ Commerce Version2.4.6 Updatep6

Adobe ≫ Commerce Version2.4.6 Updatep7

Adobe ≫ Commerce Version2.4.6 Updatep8

Adobe ≫ Commerce Version2.4.6 Updatep9

Adobe ≫ Commerce Version2.4.7 Update-

Adobe ≫ Commerce Version2.4.7 Updateb1

Adobe ≫ Commerce Version2.4.7 Updateb2

Adobe ≫ Commerce Version2.4.7 Updatebeta3

Adobe ≫ Commerce Version2.4.7 Updatep1

Adobe ≫ Commerce Version2.4.7 Updatep2

Adobe ≫ Commerce Version2.4.7 Updatep3

Adobe ≫ Commerce Version2.4.7 Updatep4

Adobe ≫ Commerce Version2.4.7 Updatep5

Adobe ≫ Commerce Version2.4.7 Updatep6

Adobe ≫ Commerce Version2.4.7 Updatep7

Adobe ≫ Commerce Version2.4.8 Update-

Adobe ≫ Commerce Version2.4.8 Updatebeta1

Adobe ≫ Commerce Version2.4.8 Updatebeta2

Adobe ≫ Commerce Version2.4.8 Updatep1

Adobe ≫ Commerce Version2.4.8 Updatep2

Adobe ≫ Commerce Version2.4.9 Updatealpha1

Adobe ≫ Commerce Version2.4.9 Updatealpha2

Adobe ≫ Commerce B2b Version1.3.3 Update-

Adobe ≫ Commerce B2b Version1.3.3 Updatep1

Adobe ≫ Commerce B2b Version1.3.3 Updatep10

Adobe ≫ Commerce B2b Version1.3.3 Updatep11

Adobe ≫ Commerce B2b Version1.3.3 Updatep12

Adobe ≫ Commerce B2b Version1.3.3 Updatep13

Adobe ≫ Commerce B2b Version1.3.3 Updatep14

Adobe ≫ Commerce B2b Version1.3.3 Updatep15

Adobe ≫ Commerce B2b Version1.3.3 Updatep2

Adobe ≫ Commerce B2b Version1.3.3 Updatep3

Adobe ≫ Commerce B2b Version1.3.3 Updatep4

Adobe ≫ Commerce B2b Version1.3.3 Updatep5

Adobe ≫ Commerce B2b Version1.3.3 Updatep6

Adobe ≫ Commerce B2b Version1.3.3 Updatep7

Adobe ≫ Commerce B2b Version1.3.3 Updatep8

Adobe ≫ Commerce B2b Version1.3.3 Updatep9

Adobe ≫ Commerce B2b Version1.3.4 Update-

Adobe ≫ Commerce B2b Version1.3.4 Updatep1

Adobe ≫ Commerce B2b Version1.3.4 Updatep10

Adobe ≫ Commerce B2b Version1.3.4 Updatep11

Adobe ≫ Commerce B2b Version1.3.4 Updatep12

Adobe ≫ Commerce B2b Version1.3.4 Updatep13

Adobe ≫ Commerce B2b Version1.3.4 Updatep14

Adobe ≫ Commerce B2b Version1.3.4 Updatep2

Adobe ≫ Commerce B2b Version1.3.4 Updatep3

Adobe ≫ Commerce B2b Version1.3.4 Updatep4

Adobe ≫ Commerce B2b Version1.3.4 Updatep5

Adobe ≫ Commerce B2b Version1.3.4 Updatep6

Adobe ≫ Commerce B2b Version1.3.4 Updatep7

Adobe ≫ Commerce B2b Version1.3.4 Updatep8

Adobe ≫ Commerce B2b Version1.3.4 Updatep9

Adobe ≫ Commerce B2b Version1.4.2 Update-

Adobe ≫ Commerce B2b Version1.4.2 Updatep1

Adobe ≫ Commerce B2b Version1.4.2 Updatep2

Adobe ≫ Commerce B2b Version1.4.2 Updatep3

Adobe ≫ Commerce B2b Version1.4.2 Updatep4

Adobe ≫ Commerce B2b Version1.4.2 Updatep5

Adobe ≫ Commerce B2b Version1.4.2 Updatep6

Adobe ≫ Commerce B2b Version1.4.2 Updatep7

Adobe ≫ Commerce B2b Version1.5.2 Update-

Adobe ≫ Commerce B2b Version1.5.2 Updatep1

Adobe ≫ Commerce B2b Version1.5.2 Updatep2

Adobe ≫ Commerce B2b Version1.5.3 Updatealpha1

Adobe ≫ Commerce B2b Version1.5.3 Updatealpha2

Adobe ≫ Magento Version2.4.5 Update- SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep1 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep10 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep11 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep12 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep13 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep14 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep2 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep3 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep4 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep5 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep6 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep7 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep8 SwEditionopen_source

Adobe ≫ Magento Version2.4.5 Updatep9 SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Update- SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Updatep1 SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Updatep10 SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Updatep11 SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Updatep12 SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Updatep2 SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Updatep3 SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Updatep4 SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Updatep5 SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Updatep6 SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Updatep7 SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Updatep8 SwEditionopen_source

Adobe ≫ Magento Version2.4.6 Updatep9 SwEditionopen_source

Adobe ≫ Magento Version2.4.7 Update- SwEditionopen_source

Adobe ≫ Magento Version2.4.7 Updateb1 SwEditionopen_source

Adobe ≫ Magento Version2.4.7 Updateb2 SwEditionopen_source

Adobe ≫ Magento Version2.4.7 Updatebeta3 SwEditionopen_source

Adobe ≫ Magento Version2.4.7 Updatep1 SwEditionopen_source

Adobe ≫ Magento Version2.4.7 Updatep2 SwEditionopen_source

Adobe ≫ Magento Version2.4.7 Updatep3 SwEditionopen_source

Adobe ≫ Magento Version2.4.7 Updatep4 SwEditionopen_source

Adobe ≫ Magento Version2.4.7 Updatep5 SwEditionopen_source

Adobe ≫ Magento Version2.4.7 Updatep6 SwEditionopen_source

Adobe ≫ Magento Version2.4.7 Updatep7 SwEditionopen_source

Adobe ≫ Magento Version2.4.8 Update- SwEditionopen_source

Adobe ≫ Magento Version2.4.8 Updatebeta1 SwEditionopen_source

Adobe ≫ Magento Version2.4.8 Updatebeta2 SwEditionopen_source

Adobe ≫ Magento Version2.4.8 Updatep1 SwEditionopen_source

Adobe ≫ Magento Version2.4.8 Updatep2 SwEditionopen_source

Adobe ≫ Magento Version2.4.9 Updatealpha1 SwEditionopen_source

Adobe ≫ Magento Version2.4.9 Updatealpha2 SwEditionopen_source

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.33%	0.555

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@adobe.com	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.heise.de/news/Patchday-Adobe-Luecken-in-Acrobat-Co-koennen-Schadcode-auf-PCs-lassen-10639095.html

Medienbericht

heise Security

https://helpx.adobe.com/security/products/magento/apsb25-88.html

Vendor Advisory

https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento

https://nvd.nist.gov/vuln/detail/CVE-2025-54236

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-54236

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-54236

EUVD