⚠️ CISA Known Exploited Vulnerability

Active Threat

This vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Active exploitation has been observed in the wild. This poses significant risk to federal enterprises and should be prioritized for immediate patching.

View CISA KEV Catalog

CVE-2025-54236

Critical CISA KEV

Low Medium High Critical

9.1

CVSS Score

Published: Sep 09, 2025

Last Modified: Jan 08, 2026

Vulnerability Description

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

16 configuration(s) from 1 vendor(s)

magento

Version:

2.4.9

CPE:

cpe:2.3:a:adobe:magento:2.4.9:alpha2:*:*:open_source:*:*:*

commerce_b2b

Version:

1.4.2

CPE:

cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:*:*:*:*:*:*

commerce

Version:

2.4.5

CPE:

cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*

commerce

Version:

2.4.8

CPE:

cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*

commerce

Version:

2.4.6

CPE:

cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*

commerce_b2b

Version:

1.5.3

CPE:

cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha3:*:*:*:*:*:*

commerce_b2b

Version:

1.3.3

CPE:

cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*

magento

Version:

2.4.6

CPE:

cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*

magento

Version:

2.4.8

CPE:

cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*

commerce

Version:

2.4.7

CPE:

cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*

magento

Version:

2.4.7

CPE:

cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*

commerce_b2b

Version:

1.5.2

CPE:

cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:*:*:*:*:*:*

commerce

Version:

2.4.4

CPE:

cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*

commerce_b2b

Version:

1.3.4

CPE:

cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:*:*:*:*:*:*

magento

Version:

2.4.5

CPE:

cpe:2.3:a:adobe:magento:2.4.5:p14:*:*:open_source:*:*:*

commerce

Version:

2.4.9

CPE:

cpe:2.3:a:adobe:commerce:2.4.9:alpha2:*:*:*:*:*:*

This vulnerability affects 16 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

9.1

out of 10.0

Critical

CISA KEV Status

Active Exploitation

Listed in CISA's Known Exploited Vulnerabilities catalog

View on CISA KEV

Key Information

Published Date: September 09, 2025

External Resources

NIST NVD

National Vulnerability Database

CVE Details

Detailed vulnerability info

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages

⚠️ CISA Known Exploited Vulnerability

CVE-2025-54236

Vulnerability Description

CVSS Metrics

Known Affected Software

adobe

References & Resources

Severity Details

CISA KEV Status

Key Information

External Resources