DEV Community

Cover image for CVE-2025-54236: Adobe Commerce and Magento Improper Input Validation Vulnerability
Freedom Coder
Freedom Coder

Posted on • Originally published at scyscan.com

CVE-2025-54236: Adobe Commerce and Magento Improper Input Validation Vulnerability

#adobe #commerceandmagento #cybersecurity #vulnerability

CVE ID

CVE-2025-54236

Vulnerability Name

Adobe Commerce and Magento Improper Input Validation Vulnerability

  • Project: Adobe
  • Product: Commerce and Magento

Date

  • Date Added: 2025-10-24
  • Due Date: 2025-11-14

Description

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54236

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List

Top comments (0)

Some comments may only be visible to logged-in visitors. Sign in to view all comments.