1+ {
2+ "schema_version" : " 1.4.0" ,
3+ "id" : " GHSA-wh92-6q6g-px7j" ,
4+ "modified" : " 2025-09-10T20:40:01Z" ,
5+ "published" : " 2025-09-09T15:31:19Z" ,
6+ "aliases" : [
7+ " CVE-2025-54236"
8+ ],
9+ "summary" : " Magento Community Edition Improper Input Validation vulnerability" ,
10+ "details" : " Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction." ,
11+ "severity" : [
12+ {
13+ "type" : " CVSS_V3" ,
14+ "score" : " CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
15+ }
16+ ],
17+ "affected" : [
18+ {
19+ "package" : {
20+ "ecosystem" : " Packagist" ,
21+ "name" : " magento/community-edition"
22+ },
23+ "ranges" : [
24+ {
25+ "type" : " ECOSYSTEM" ,
26+ "events" : [
27+ {
28+ "introduced" : " 0"
29+ },
30+ {
31+ "last_affected" : " 2.4.5-p14"
32+ }
33+ ]
34+ }
35+ ]
36+ },
37+ {
38+ "package" : {
39+ "ecosystem" : " Packagist" ,
40+ "name" : " magento/community-edition"
41+ },
42+ "versions" : [
43+ " 2.4.6"
44+ ]
45+ },
46+ {
47+ "package" : {
48+ "ecosystem" : " Packagist" ,
49+ "name" : " magento/community-edition"
50+ },
51+ "ranges" : [
52+ {
53+ "type" : " ECOSYSTEM" ,
54+ "events" : [
55+ {
56+ "introduced" : " 2.4.6-p1"
57+ },
58+ {
59+ "last_affected" : " 2.4.6-p12"
60+ }
61+ ]
62+ }
63+ ]
64+ },
65+ {
66+ "package" : {
67+ "ecosystem" : " Packagist" ,
68+ "name" : " magento/community-edition"
69+ },
70+ "versions" : [
71+ " 2.4.5"
72+ ]
73+ },
74+ {
75+ "package" : {
76+ "ecosystem" : " Packagist" ,
77+ "name" : " magento/community-edition"
78+ },
79+ "ranges" : [
80+ {
81+ "type" : " ECOSYSTEM" ,
82+ "events" : [
83+ {
84+ "introduced" : " 2.4.9-alpha1"
85+ },
86+ {
87+ "last_affected" : " 2.4.9-alpha2"
88+ }
89+ ]
90+ }
91+ ]
92+ },
93+ {
94+ "package" : {
95+ "ecosystem" : " Packagist" ,
96+ "name" : " magento/community-edition"
97+ },
98+ "versions" : [
99+ " 2.4.7"
100+ ]
101+ },
102+ {
103+ "package" : {
104+ "ecosystem" : " Packagist" ,
105+ "name" : " magento/community-edition"
106+ },
107+ "versions" : [
108+ " 2.4.8"
109+ ]
110+ },
111+ {
112+ "package" : {
113+ "ecosystem" : " Packagist" ,
114+ "name" : " magento/community-edition"
115+ },
116+ "ranges" : [
117+ {
118+ "type" : " ECOSYSTEM" ,
119+ "events" : [
120+ {
121+ "introduced" : " 2.4.7-beta1"
122+ },
123+ {
124+ "last_affected" : " 2.4.7-p7"
125+ }
126+ ]
127+ }
128+ ]
129+ },
130+ {
131+ "package" : {
132+ "ecosystem" : " Packagist" ,
133+ "name" : " magento/community-edition"
134+ },
135+ "ranges" : [
136+ {
137+ "type" : " ECOSYSTEM" ,
138+ "events" : [
139+ {
140+ "introduced" : " 2.4.8-beta1"
141+ },
142+ {
143+ "last_affected" : " 2.4.8-p2"
144+ }
145+ ]
146+ }
147+ ]
148+ },
149+ {
150+ "package" : {
151+ "ecosystem" : " Packagist" ,
152+ "name" : " magento/community-edition"
153+ },
154+ "versions" : [
155+ " 2.4.9"
156+ ]
157+ },
158+ {
159+ "package" : {
160+ "ecosystem" : " Packagist" ,
161+ "name" : " magento/project-community-edition"
162+ },
163+ "ranges" : [
164+ {
165+ "type" : " ECOSYSTEM" ,
166+ "events" : [
167+ {
168+ "introduced" : " 0"
169+ },
170+ {
171+ "last_affected" : " 2.0.2"
172+ }
173+ ]
174+ }
175+ ]
176+ }
177+ ],
178+ "references" : [
179+ {
180+ "type" : " ADVISORY" ,
181+ "url" : " https://nvd.nist.gov/vuln/detail/CVE-2025-54236"
182+ },
183+ {
184+ "type" : " PACKAGE" ,
185+ "url" : " https://github.com/magento/magento2"
186+ },
187+ {
188+ "type" : " WEB" ,
189+ "url" : " https://helpx.adobe.com/security/products/magento/apsb25-88.html"
190+ }
191+ ],
192+ "database_specific" : {
193+ "cwe_ids" : [
194+ " CWE-20"
195+ ],
196+ "severity" : " CRITICAL" ,
197+ "github_reviewed" : true ,
198+ "github_reviewed_at" : " 2025-09-10T20:40:00Z" ,
199+ "nvd_published_at" : " 2025-09-09T14:15:46Z"
200+ }
201+ }
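Review bot: The affected entry `"versions": ["2.4.9"]` flags the stable 2.4.9 release as vulnerable, but the details text and the neighbouring range both stop the 2.4.9 line at `2.4.9-alpha2`, and a stable release sorts after its alpha pre-releases in Composer version ordering. If that entry is an artifact of expanding the version list, scanners consuming this record would report a later 2.4.9 install as affected; I would drop the entry or confirm it against the Adobe bulletin listed under `references`. Separately, every range closes with `last_affected` and none carries a `fixed` event, so consumers cannot derive a remediation version from the record itself and have to follow the bulletin link. The `magento/project-community-edition` range ending at `2.0.2` is not mentioned in the details text either and is worth a source check.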