VYPR
Get started
← All advisories
Critical severity9.1CISA KEVNVD Advisory· Published Sep 9, 2025· Updated May 12, 2026

CVE-2025-54236

CVE-2025-54236

Description

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
magento/community-editionPackagist
<= 2.4.5-p14
magento/community-editionPackagist
>= 2.4.6-p1, <= 2.4.6-p12
magento/community-editionPackagist
>= 2.4.9-alpha1, <= 2.4.9-alpha2
magento/community-editionPackagist
>= 2.4.7-beta1, <= 2.4.7-p7
magento/community-editionPackagist
>= 2.4.8-beta1, <= 2.4.8-p2
magento/project-community-editionPackagist
<= 2.0.2

Affected products

152
  • Adobe Inc./Commerce62 versions
    cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*+ 61 more
    • cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.9:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce:2.4.9:alpha2:*:*:*:*:*:*
  • Adobe Inc./Commerce B2b44 versions
    cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*+ 43 more
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha2:*:*:*:*:*:*
  • Adobe Inc./Magento46 versions
    cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*+ 45 more
    • cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p14:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*
    • cpe:2.3:a:adobe:magento:2.4.9:alpha2:*:*:open_source:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.