CVE Catalog

CVE-2025-54236

Critical
Published: Translated: NVD NIST

Summary

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, significantly impacting confidentiality and integrity.

Risk Assessment

The organization is at high risk of session takeover, which may lead to loss of confidential information and compromise of system integrity.

Recommendation

It is recommended to update to the latest version of Adobe Commerce to mitigate this vulnerability and implement additional security measures for input validation.

Original NVD description (English source)

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS