Adobe has warned of a critical security flaw, CVE-2025-54236, in its Commerce and Magento Open Source platforms that could allow attackers to take control of customer accounts. No exploitation has been observed in the wild, and Adobe has released a hotfix and protective WAF rules to prevent potential attacks. #CVE202554236 #MagentoVulnerability
Key points
- Adobe disclosed a severe vulnerability in its Commerce and Magento Open Source platforms, rated 9.1 out of 10.
- The flaw involves improper input validation in the REST API that can be exploited to hijack customer accounts.
- Products affected include various versions of Adobe Commerce, Magento Open Source, and the Custom Attributes Serializable module.
- Adobe has released a hotfix and implemented WAF rules to mitigate the risk of exploitation.
- Security experts compare this vulnerability to previous major exploits like CosmicSting and TrojanOrder, emphasizing its severity.
Read More: https://thehackernews.com/2025/09/adobe-commerce-flaw-cve-2025-54236-lets.html