anonhaven

CVE-2025-54236

CRITICAL CVSS 3.1: 9,1 EPSS 73.7%
Обновлено 16 марта 2026
Adobe
Параметр Значение
CVSS 9,1 (CRITICAL)
Тип уязвимости CWE-20 (Неправильная проверка ввода)
Поставщик Adobe
Публичный эксплойт Да

Версии Adobe Commerce 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 и более ранние подвержены уязвимости неправильной проверки ввода. Успешный злоумышленник может злоупотребить этим, чтобы добиться захвата сеанса, повышая конфиденциальность и влияние на целостность до высокого уровня. Использование этой проблемы не требует взаимодействия с пользователем.

Показать оригинальное описание (EN)

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

Характеристики атаки

Способ атаки
По сети
Атака возможна удалённо
Сложность
Низкая
Легко эксплуатировать
Нужны права
Не требуются
Права не нужны
Участие пользователя
Не требуется
Не нужно действие пользователя

Последствия

Конфиденциальность
Высокое
Полная утечка данных
Целостность
Высокое
Полная модификация данных
Доступность
Нет
Нет нарушения работы

Строка CVSS v3.1

Тип уязвимости (CWE)

CWE-20 Improper Input Validation (Неправильная проверка ввода)

Уязвимые продукты 152

Конфигурация От (включительно) До (исключительно)
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.9:alpha1:*:*:*:*:*:*
Adobe Commerce
cpe:2.3:a:adobe:commerce:2.4.9:alpha2:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*
Adobe Commerce_B2b
cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha2:*:*:*:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p14:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*
Adobe Magento
cpe:2.3:a:adobe:magento:2.4.9:alpha2:*:*:open_source:*:*:*

Ссылки 4

https://helpx.adobe.com/security/products/magento/apsb25-88.html
psirt@adobe.com
https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-2…
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in…
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…
134c704f-9b21-4f2e-91b3-4a467353bcc0
Share Post Share Share Share

Связанные уязвимости

CVE-2026-21347

Apple

7,8

CVE-2026-21346

Apple

7,8

CVE-2026-21345

Apple

7,8

CVE-2026-21344

Apple

7,8

CVE-2026-21343

Apple

7,8