Adobe has issued an urgent security alert regarding a critical vulnerability, CVE-2025-54236, affecting its Commerce and Magento Open Source platforms. The flaw could allow attackers to hijack customer accounts via the REST API, emphasizing the need for immediate patch application. #CVE-2025-54236 #SessionReaper
Key points
- CVE-2025-54236 is a severe input validation vulnerability impacting multiple Adobe Commerce versions.
- Exploitation could lead to full control over customer accounts through the REST API.
- Adobe has released a hotfix (VULN-32437-2-4-X) to mitigate this security flaw.
- Users on Adobe Commerce Cloud or Managed Services should deploy WAF rules as temporary protection.
- Immediate action is required, including patch application and module updates, to prevent potential exploits.
Read More: https://thecyberexpress.com/adobe-commerce-flaw-cve-2025-54236/