CVE-2025-54236
CriticalSummary
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, significantly impacting confidentiality and integrity.
Risk Assessment
The organization is at high risk of session takeover, which may lead to loss of confidential information and compromise of system integrity.
Recommendation
It is recommended to update to the latest version of Adobe Commerce to mitigate this vulnerability and implement additional security measures for input validation.
Original NVD description (English source)
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

