CVE ID
CVE-2025-54236
Vulnerability Name
Adobe Commerce and Magento Improper Input Validation Vulnerability
- Project: Adobe
- Product: Commerce and Magento
Date
- Date Added: 2025-10-24
- Due Date: 2025-11-14
Description
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54236
Top comments (1)
Thanks for sharing this! That’s a serious one, improper input validation on the REST API could let attackers hijack customer accounts, so patching or applying mitigations ASAP is critical. Did you already start testing the recommended fixes from Adobe, or are you still evaluating the risk?