CVE-2025-54236 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
adobe	CNA	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4:p1
adobe	commerce	2.4.4:p10
adobe	commerce	2.4.4:p11
adobe	commerce	2.4.4:p12
adobe	commerce	2.4.4:p13
adobe	commerce	2.4.4:p14
adobe	commerce	2.4.4:p15
adobe	commerce	2.4.4:p2
adobe	commerce	2.4.4:p3
adobe	commerce	2.4.4:p4
adobe	commerce	2.4.4:p5
adobe	commerce	2.4.4:p6
adobe	commerce	2.4.4:p7
adobe	commerce	2.4.4:p8
adobe	commerce	2.4.4:p9
adobe	commerce	2.4.5
adobe	commerce	2.4.5:p1
adobe	commerce	2.4.5:p10
adobe	commerce	2.4.5:p11
adobe	commerce	2.4.5:p12
adobe	commerce	2.4.5:p13
adobe	commerce	2.4.5:p14
adobe	commerce	2.4.5:p2
adobe	commerce	2.4.5:p3
adobe	commerce	2.4.5:p4
adobe	commerce	2.4.5:p5
adobe	commerce	2.4.5:p6
adobe	commerce	2.4.5:p7
adobe	commerce	2.4.5:p8
adobe	commerce	2.4.5:p9
adobe	commerce	2.4.6
adobe	commerce	2.4.6:p1
adobe	commerce	2.4.6:p10
adobe	commerce	2.4.6:p11
adobe	commerce	2.4.6:p12
adobe	commerce	2.4.6:p2
adobe	commerce	2.4.6:p3
adobe	commerce	2.4.6:p4
adobe	commerce	2.4.6:p5
adobe	commerce	2.4.6:p6
adobe	commerce	2.4.6:p7
adobe	commerce	2.4.6:p8
adobe	commerce	2.4.6:p9
adobe	commerce	2.4.7
adobe	commerce	2.4.7:b1
adobe	commerce	2.4.7:b2
adobe	commerce	2.4.7:beta3
adobe	commerce	2.4.7:p1
adobe	commerce	2.4.7:p2
adobe	commerce	2.4.7:p3
adobe	commerce	2.4.7:p4
adobe	commerce	2.4.7:p5
adobe	commerce	2.4.7:p6
adobe	commerce	2.4.7:p7
adobe	commerce	2.4.8
adobe	commerce	2.4.8:beta1
adobe	commerce	2.4.8:beta2
adobe	commerce	2.4.8:p1
adobe	commerce	2.4.8:p2
adobe	commerce	2.4.9:alpha1
adobe	commerce	2.4.9:alpha2
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3:p1
adobe	commerce_b2b	1.3.3:p10
adobe	commerce_b2b	1.3.3:p11
adobe	commerce_b2b	1.3.3:p12
adobe	commerce_b2b	1.3.3:p13
adobe	commerce_b2b	1.3.3:p14
adobe	commerce_b2b	1.3.3:p15
adobe	commerce_b2b	1.3.3:p2
adobe	commerce_b2b	1.3.3:p3
adobe	commerce_b2b	1.3.3:p4
adobe	commerce_b2b	1.3.3:p5
adobe	commerce_b2b	1.3.3:p6
adobe	commerce_b2b	1.3.3:p7
adobe	commerce_b2b	1.3.3:p8
adobe	commerce_b2b	1.3.3:p9
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4:p1
adobe	commerce_b2b	1.3.4:p10
adobe	commerce_b2b	1.3.4:p11
adobe	commerce_b2b	1.3.4:p12
adobe	commerce_b2b	1.3.4:p13
adobe	commerce_b2b	1.3.4:p14
adobe	commerce_b2b	1.3.4:p2
adobe	commerce_b2b	1.3.4:p3
adobe	commerce_b2b	1.3.4:p4
adobe	commerce_b2b	1.3.4:p5
adobe	commerce_b2b	1.3.4:p6
adobe	commerce_b2b	1.3.4:p7
adobe	commerce_b2b	1.3.4:p8
adobe	commerce_b2b	1.3.4:p9
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2:p1
adobe	commerce_b2b	1.4.2:p2
adobe	commerce_b2b	1.4.2:p3
adobe	commerce_b2b	1.4.2:p4
adobe	commerce_b2b	1.4.2:p5
adobe	commerce_b2b	1.4.2:p6
adobe	commerce_b2b	1.4.2:p7
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.2:p1
adobe	commerce_b2b	1.5.2:p2
adobe	commerce_b2b	1.5.3:alpha1
adobe	commerce_b2b	1.5.3:alpha2
adobe	magento	2.4.5
adobe	magento	2.4.5:p1
adobe	magento	2.4.5:p10
adobe	magento	2.4.5:p11
adobe	magento	2.4.5:p12
adobe	magento	2.4.5:p13
adobe	magento	2.4.5:p14
adobe	magento	2.4.5:p2
adobe	magento	2.4.5:p3
adobe	magento	2.4.5:p4
adobe	magento	2.4.5:p5
adobe	magento	2.4.5:p6
adobe	magento	2.4.5:p7
adobe	magento	2.4.5:p8
adobe	magento	2.4.5:p9
adobe	magento	2.4.6
adobe	magento	2.4.6:p1
adobe	magento	2.4.6:p10
adobe	magento	2.4.6:p11
adobe	magento	2.4.6:p12
adobe	magento	2.4.6:p2
adobe	magento	2.4.6:p3
adobe	magento	2.4.6:p4
adobe	magento	2.4.6:p5
adobe	magento	2.4.6:p6
adobe	magento	2.4.6:p7
adobe	magento	2.4.6:p8
adobe	magento	2.4.6:p9
adobe	magento	2.4.7
adobe	magento	2.4.7:b1
adobe	magento	2.4.7:b2
adobe	magento	2.4.7:beta3
adobe	magento	2.4.7:p1
adobe	magento	2.4.7:p2
adobe	magento	2.4.7:p3
adobe	magento	2.4.7:p4
adobe	magento	2.4.7:p5
adobe	magento	2.4.7:p6
adobe	magento	2.4.7:p7
adobe	magento	2.4.8
adobe	magento	2.4.8:beta1
adobe	magento	2.4.8:beta2
adobe	magento	2.4.8:p1
adobe	magento	2.4.8:p2
adobe	magento	2.4.9:alpha1
adobe	magento	2.4.9:alpha2

𝑥

= Vulnerable software versions

Known Exploits!

https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Vulnerability Media Exposure

[ENGLISH] Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours. The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation flaw that could be
Published: 2025-10-23T11:17:00+05:30
[GERMAN] Angreifer attackieren kritische Lücke in Adobe Commerce und Magento
Im September hat Adobe Updates für Commerce und Magento veröffentlicht, die eine kritische Lücke schließen. Die wird nun angegriffen.
Published: 2025-10-24T07:11:00+00:00

References

https://helpx.adobe.com/security/products/magento/apsb25-88.html

https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397

https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236