CVE-2025-54236
Gravedad CVSS v3.1:
CRÍTICA
Tipo:
CWE-20
Validación incorrecta de entrada
Fecha de publicación:
09/09/2025
Última modificación:
11/02/2026
Descripción
*** Pendiente de traducción *** Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
Impacto
Puntuación base 3.x
9.10
Gravedad 3.x
CRÍTICA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://helpx.adobe.com/security/products/magento/apsb25-88.html
- https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397
- https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236