Vulnerability-Lookup

CVE-2025-54236 (GCVE-0-2025-54236)

Vulnerability from cvelistv5 – Published: 2025-09-09 13:20 – Updated: 2025-10-24 22:20

CISA KEV

Title

Adobe Commerce | Improper Input Validation (CWE-20)

Summary

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: active Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation (CWE-20)

Assigner

adobe

References

4 references

URL	Tags
https://helpx.adobe.com/security/products/magento…	vendor-advisory
https://nullsecurityx.codes/cve-2025-54236-sessio…	exploit
https://experienceleague.adobe.com/en/docs/experi…	mitigation
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

Impacted products

1 product

Vendor	Product	Version
Adobe	Adobe Commerce	Affected: 0 , ≤ 2.4.4-p15 (semver)

Date Public

2025-09-09 17:00

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 4f1dc8bc-f1c6-497f-8b18-5f8ae3ee8a5e

Vulnerability ID: CVE-2025-54236

Status: Confirmed

Status Updated: 2025-10-24 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2025-10-24

Asserted: 2025-10-24

Scope

Notes: KEV entry: Adobe Commerce and Magento Improper Input Validation Vulnerability | Affected: Adobe / Commerce and Magento | Description: Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54236

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-20
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Commerce and Magento
Due Date	2025-11-14
Date Added	2025-10-24
Vendorproject	Adobe
Vulnerabilityname	Adobe Commerce and Magento Improper Input Validation Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2025-54236

Created: 2026-02-02 12:25 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54236",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-24T14:08:30.772162Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-10-24",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-24T22:20:23.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento"
          },
          {
            "tags": [
              "mitigation"
            ],
            "url": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397"
          },
          {
            "name": "CISA KEV",
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-10-24T00:00:00.000Z",
            "value": "CVE-2025-54236 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p15",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-09-09T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 9.1,
            "environmentalSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "NONE",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 9.1,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T15:34:50.112Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Input Validation (CWE-20)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-54236",
    "datePublished": "2025-09-09T13:20:17.939Z",
    "dateReserved": "2025-07-17T21:15:02.453Z",
    "dateUpdated": "2025-10-24T22:20:23.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-54236",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2025-10-24",
      "dueDate": "2025-11-14",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54236",
      "product": "Commerce and\u202fMagento",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.",
      "vendorProject": "Adobe",
      "vulnerabilityName": "Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability"
    },
    "epss": {
      "cve": "CVE-2025-54236",
      "date": "2026-06-01",
      "epss": "0.72152",
      "percentile": "0.98772"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-54236\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2025-09-09T14:15:46.563\",\"lastModified\":\"2026-05-11T01:00:01.427\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"cisaExploitAdd\":\"2025-10-24\",\"cisaActionDue\":\"2025-11-14\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Adobe Commerce and?Magento Improper Input Validation Vulnerability\",\"weaknesses\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D258D9EF-94FB-41F0-A7A5-7F66FA7A0055\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E5CF6F0-2388-4D3F-8FE1-43B8AF148564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C3D7164-1C5F-40BC-9EEC-B0E00CD45808\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"68AAE162-5957-42AF-BE20-40F341837FAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9D01159-3309-4F6B-93B0-2D89DDD33DEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"8412C043-64E7-4DFF-A303-13A6FE113BFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFEBDDF2-6443-4482-83B2-3CD272CF599F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6661093F-8D22-450F-BC6C-A8894A52E6A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2515DA6D-2E74-4A05-BD29-FEEF3322BCB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"69A1F1F7-E53C-40F3-B3D9-DC011FC353BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A56E96C-6CE5-442C-AA88-F0059B02B5E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"8867F510-201C-4199-8554-53DE156CE669\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"23988132-DD4E-4968-B6B8-954122F76081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B07F7B2-E915-4EFF-8FFC-91143CEF082E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"5764CC97-C866-415D-A3A1-5B5B9E1C06A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"E82D10D8-2894-4E5B-B47B-F00964DD5CDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"B044F2D9-E888-4852-8A40-DCE688860ED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"6423C754-36F9-4680-9211-60940ED63E79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"3472064A-8C79-436B-965A-96834AE8D346\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8605E4E6-0F7D-42C8-B35B-2349A0BEFC69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6318F97-E59A-4425-8DC7-045C78A644F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"324A573E-DBC8-42A0-8CB8-EDD8FBAB7115\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"54151A00-CFB8-4E6A-8E74-497CB67BF7E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DF0E74D-9293-4209-97D1-A3BA13C3DDE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"8922D646-1A97-47ED-91C6-5A426781C98A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"952787C6-9BF1-49FB-9824-1236678E1902\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"898A8679-3C46-4718-9EDF-583ADDFCF2EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6086841-C175-46A1-8414-71C6163A0E7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"E57889CC-3E90-46AF-9CD6-3328DD501AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"47A86566-DE38-4032-947D-B6181F0BC120\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A576B1B5-73A2-431E-998F-7E5458B51D6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E05F4AC-2A28-47E3-96DE-0E31AF73CD43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A9A62EE-1649-4815-8EC9-7AEF7949EB2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"E58690F9-FA9C-42A0-B4CD-91FD1197A53E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B83729E-80AF-47CE-A70C-32BF83024A40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"73D22D42-646D-4955-A6F9-9B7BA63DC0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5D04853-0C2F-47DD-A939-3A8F6E22CB7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EBB0608-034B-4F07-A59B-9E6A989BA260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3BF9B08-84E3-4974-9DEB-F4285995D796\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7771BEDB-05E2-430E-B2A2-E2F7574B7114\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E05341A-C70C-4B3D-AF30-9520D6B97D30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"95026AA9-A28B-4D94-BD77-7628429EBA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83FD1220-7D46-42B2-8110-30A934144572\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F1439CE-8A3B-414A-B974-559209FF480C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"13726DEE-FFCB-447B-9FFF-136F132F2C4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EE12F4B-5607-4790-A29B-EE23383BCC1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D05A958-9749-486A-A149-C21647CDCADF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9E12B43-AD3E-48A2-9042-5586186CA3BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4947C63-CFD9-437B-A09E-A197DCE40095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.9:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"37F32F70-7B2A-4BAB-B3F0-AFF5C04CCDED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce:2.4.9:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B6B7609-6A8E-4154-BC05-2A9099909684\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E396FB4F-B20A-4BF9-8FBD-014A0F197F08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ADE32D1-2845-4030-BE1F-ECE28189D0F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2E771C9-86C4-455C-98D4-6F4FE7A9A822\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"491AB715-F62A-46DB-A56E-055CF7CB7BEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FE364A8-4780-426F-9E8A-284A31FE2623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9258027-8A6A-4C6A-BC6F-349B6E03D828\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"934C52C7-8751-481E-BAA7-F631C4E31F32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5677B7E2-FA07-4536-96A9-2C64BEFD3751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DCD1522-6E27-474F-9FC6-413409D6AD55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7968FCA-CCFD-4222-8FB8-E6E21107944F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C175A1F-7814-4C51-A7B7-AD5140F0688F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"E66CBFB3-40C3-474A-A3A3-12135F610814\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"F51DFA17-1875-41A9-B141-D89BB6238B3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A4D10EF-9137-4DF5-A5DD-97907E8B4C02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CD0DC76-7181-4954-A59E-AB7BB47D0576\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C90C433-6655-4038-9AB3-0304C1AFF360\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"374E7EDD-512A-4633-A136-01A656935334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"89BAB227-03E6-4776-ADE4-9D9CB666EFD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA80AFCE-2663-46C0-AEC0-C16C8E675E6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB9955CA-7E7B-40D3-A85D-58BB0D9AC897\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D0A17AC-D433-47C2-A1AC-88291DCCECCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E9D364A-C858-4160-8B8B-33ECF94796D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"61559E50-581E-40FF-9FD4-10192ECFCD04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE3BFB41-5633-4167-B1EA-9E958BCE9DC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2C525D2-837D-486A-8B38-5634AE2ECE2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F220229-F2DF-4C9D-90A6-8B09F8BE3391\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"63AB9506-3F8E-4C2E-A859-2380431C15A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"51B76658-EA6B-4AC9-9D9C-374C5308D069\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E94B136-7A2C-47F0-BCE4-6BB8E776A305\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"15C638A8-EFE0-47DB-B1F9-34093AF0FC17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB863404-A9D7-4692-AB43-08945E669928\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A21F608C-C356-47B8-8FBB-DB28BABFC4C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E14195F1-5016-46BE-A614-6FB4E312FC93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C360EA8-B18F-4327-90EF-7EED2892BE4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"500E3A54-D7C7-4887-9EA6-7DF85389A831\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED6FFC1D-E921-4FF7-9928-015630613FE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"D855D141-7876-4F5A-91BE-6350DD379879\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"79CBDF59-EB84-44D3-81CF-5CBF943B411E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2117B163-D88E-4EB4-AEA7-F27FB732BD48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"508EE0EF-D54A-4834-84AB-FFC62040FDAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D7C6592-33B0-4586-8178-E8F4EB837B7F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"7A41C717-4B9F-4972-ABA3-2294EEC20F3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"3FA80BBC-2DF2-46E1-84CE-8A899415114E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"783E4AF1-52F3-446B-B003-8079EDA78CBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"08B7898F-E25A-4D16-A007-6D4543E80C58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"E99C1F27-68C9-481F-B01D-8B58B0AFB437\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p14:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"D4A3F4C7-8784-43BD-A11B-E66872DD8812\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"510B1840-AE77-4BDD-9C09-26C64CC8FC81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"FA1EDF58-8384-48C4-A584-54D24F6F7973\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"9D2D9715-3A6B-4BE0-B1C5-8D19A683A083\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"1C99B578-5DD6-476D-BB75-4DCAD7F79535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"7C1B2897-79A5-4A5B-9137-7A4B6B85AA84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"B9E8299D-FA97-483A-8E1B-BA7B869E467D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"9A1B92EC-E83A-43B3-8F14-5C1A52B579B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"789BD987-9DAD-4EAE-93DE-0E267D54F124\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"A3F113C0-00C5-4BC2-B42B-8AE3756252F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"AE842CC8-7795-4238-B727-0BA2FFFBF62C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"AE724531-422D-4ABB-98F5-2C0B1BBEF031\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"BB499397-0E40-45B0-A7E9-BEFCC909DD07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"02592D65-2D2C-460A-A970-8A18F9B156ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"457B89CF-C75E-4ED6-8603-9C52BA462A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"2A2DD9C6-BAF5-4DF5-9C14-3478923B2019\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"2AA0B806-ABB8-4C18-9F9C-8291BE208F52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"AA9D4DAB-7567-48D7-BE60-2A10B35CFF27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"A91E797D-63F6-4DE8-869C-AF0133DC6C03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"0E06FE04-8844-4409-92D9-4972B47C921B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"99C620F3-40ED-4D7F-B6A1-205E948FD6F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"7EB4B9C5-513C-4039-8087-5E8880894318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"9C77154A-DBFE-48C3-A274-03075A0DB040\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"F5AAC414-623C-444F-9BD5-EE0ACE2B2246\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"8292888D-B0B0-4DF3-8719-EA4CDCAB39D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"9830E074-FDCF-41E9-98C7-10C20424EF4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"9D0C8648-B39E-47C7-AA5C-3AFED22F8D40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"082F8B60-ECC5-4C55-BBFE-A0C8A3E95590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"A7B83AD4-3134-414A-80E3-106C3C0F975A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"00E8284F-10CD-449C-AEF1-688B8287292F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"2957B390-52C5-48D7-A6D7-709BC76B9C69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"524F64B6-F7F7-4926-884F-E9448636007C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"9F56F919-69B6-4A77-B8CE-F13409542F14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"E34849F7-54EE-4E4C-9184-3DE9C30E12AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:magento:2.4.9:alpha2:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"4E21DFF0-9F15-44D2-B78A-097BF3ACD752\"}]}]}],\"references\":[{\"url\":\"https://helpx.adobe.com/security/products/magento/apsb25-88.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Broken Link\",\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54236\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-24T14:08:30.772162Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-10-24\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236\"}}}], \"references\": [{\"url\": \"https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento\", \"tags\": [\"exploit\"]}, {\"url\": \"https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397\", \"tags\": [\"mitigation\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-09T14:54:39.465Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-10-24T00:00:00.000Z\", \"value\": \"CVE-2025-54236 added to CISA KEV\"}]}], \"cna\": {\"title\": \"Adobe Commerce | Improper Input Validation (CWE-20)\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"modifiedScope\": \"UNCHANGED\", \"temporalScore\": 9.1, \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"remediationLevel\": \"NOT_DEFINED\", \"reportConfidence\": \"NOT_DEFINED\", \"temporalSeverity\": \"CRITICAL\", \"availabilityImpact\": \"NONE\", \"environmentalScore\": 9.1, \"privilegesRequired\": \"NONE\", \"exploitCodeMaturity\": \"NOT_DEFINED\", \"integrityRequirement\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NETWORK\", \"confidentialityImpact\": \"HIGH\", \"environmentalSeverity\": \"CRITICAL\", \"availabilityRequirement\": \"NOT_DEFINED\", \"modifiedIntegrityImpact\": \"HIGH\", \"modifiedUserInteraction\": \"NONE\", \"modifiedAttackComplexity\": \"LOW\", \"confidentialityRequirement\": \"NOT_DEFINED\", \"modifiedAvailabilityImpact\": \"NONE\", \"modifiedPrivilegesRequired\": \"NONE\", \"modifiedConfidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Adobe\", \"product\": \"Adobe Commerce\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.4.4-p15\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2025-09-09T17:00:00.000Z\", \"references\": [{\"url\": \"https://helpx.adobe.com/security/products/magento/apsb25-88.html\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"Improper Input Validation (CWE-20)\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2025-09-09T15:34:50.112Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-54236\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-24T22:20:23.685Z\", \"dateReserved\": \"2025-07-17T21:15:02.453Z\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"datePublished\": \"2025-09-09T13:20:17.939Z\", \"assignerShortName\": \"adobe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0767

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans les produits Adobe. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Adobe	Commerce	Commerce versions 2.4.x sans le correctif de sécurité VULN-32437-2-4-X-patch
Adobe	Commerce	Commerce B2B versions 1.3.x à 1.5.x sans le correctif de sécurité VULN-32437-2-4-X-patch
Adobe	Magento	Magento Open Source versions 2.4.5.x à 2.4.9.x sans le correctif de sécurité VULN-32437-2-4-X-patch

References

Title

Publication Time

CERTFR-2025-AVI-0767

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans les produits Adobe. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Adobe	Commerce	Commerce versions 2.4.x sans le correctif de sécurité VULN-32437-2-4-X-patch
Adobe	Commerce	Commerce B2B versions 1.3.x à 1.5.x sans le correctif de sécurité VULN-32437-2-4-X-patch
Adobe	Magento	Magento Open Source versions 2.4.5.x à 2.4.9.x sans le correctif de sécurité VULN-32437-2-4-X-patch

References

Title

Publication Time

BDU:2025-10942

Vulnerability from fstec - Published: 09.09.2025

Title

Уязвимость компонента Siemens User Management Component (UMC) веб-системы управления технологическими процессами SIMATIC PCS neo, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость компонента Siemens User Management Component (UMC) веб-системы управления технологическими процессами SIMATIC PCS neo связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vendor

Siemens AG

Software Name

SIMATIC PCS neo, User Management Component (UMC)

Software Version

4.1 (SIMATIC PCS neo), 5.0 (SIMATIC PCS neo), до 2.15.1.3 (User Management Component (UMC))

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - использование средств межсетевого экранирования уровня веб-приложений (WAF); - ограничение доступа из внешних сетей (Интернет); - сегментирование сети для ограничения доступа к уязвимому устройству; - использование систем обнаружения и предотвращения вторжений для обнаружения (выявления, регистрации) и реагирования на попытки эксплуатации уязвимостей; - использование виртуальных частных сетей для организации удаленного доступа (VPN). Использование рекомендаций: https://cert-portal.siemens.com/productcert/html/ssa-722410.html

Reference

https://cert-portal.siemens.com/productcert/html/ssa-722410.html https://github.com/amalpvatayam67/day01-sessionreaper-lab https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "4.1 (SIMATIC PCS neo), 5.0 (SIMATIC PCS neo), \u0434\u043e 2.15.1.3 (User Management Component (UMC))",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432. \u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0440\u043e\u0432\u043d\u044f \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 (WAF);\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f (\u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f, \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438) \u0438 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://cert-portal.siemens.com/productcert/html/ssa-722410.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.09.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.10.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.09.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-10942",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-54236",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SIMATIC PCS neo, User Management Component (UMC)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Siemens User Management Component (UMC) \u0432\u0435\u0431-\u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438 SIMATIC PCS neo, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Siemens User Management Component (UMC) \u0432\u0435\u0431-\u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430\u043c\u0438 SIMATIC PCS neo \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cert-portal.siemens.com/productcert/html/ssa-722410.html\nhttps://github.com/amalpvatayam67/day01-sessionreaper-lab\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,4)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,1)"
}

CNVD-2025-21417

Vulnerability from cnvd - Published: 2025-09-17

Title

Adobe Commerce安全绕过漏洞（CNVD-2025-21417）

Description

Adobe Commerce是美国奥多比（Adobe）公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce存在安全绕过漏洞，攻击者可利用该漏洞绕过安全限制。

Severity

高

Patch Name

Adobe Commerce安全绕过漏洞（CNVD-2025-21417）的补丁

Patch Description

Adobe Commerce是美国奥多比（Adobe）公司的一种面向商家和品牌的全球领先的数字商务解决方案。 Adobe Commerce存在安全绕过漏洞，攻击者可利用该漏洞绕过安全限制。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://helpx.adobe.com/security/products/magento/apsb25-88.html

Reference

https://helpx.adobe.com/security/products/magento/apsb25-88.html

Impacted products

Name
['Adobe Magento Open Source <=2.4.9-alpha2', 'Adobe Magento Open Source <=2.4.8-p2', 'Adobe Magento Open Source <=2.4.7-p7', 'Adobe Magento Open Source <=2.4.6-p12', 'Adobe Magento Open Source <=2.4.5-p14', 'Adobe Adobe Commerce B2B <=1.5.3-alpha2', 'Adobe Adobe Commerce B2B <=1.5.2-p2', 'Adobe Adobe Commerce B2B <=1.4.2-p7', 'Adobe Adobe Commerce B2B <=1.3.4-p14', 'Adobe Adobe Commerce B2B <=1.3.3-p15', 'Adobe Adobe Commerce <=2.4.9-alpha2', 'Adobe Adobe Commerce <=2.4.8-p2', 'Adobe Adobe Commerce <=2.4.7-p7', 'Adobe Adobe Commerce <=2.4.6-p12', 'Adobe Adobe Commerce <=2.4.5-p14', 'Adobe Adobe Commerce <=2.4.4-p15']

Name

['Adobe Magento Open Source <=2.4.9-alpha2', 'Adobe Magento Open Source <=2.4.8-p2', 'Adobe Magento Open Source <=2.4.7-p7', 'Adobe Magento Open Source <=2.4.6-p12', 'Adobe Magento Open Source <=2.4.5-p14', 'Adobe Adobe Commerce B2B <=1.5.3-alpha2', 'Adobe Adobe Commerce B2B <=1.5.2-p2', 'Adobe Adobe Commerce B2B <=1.4.2-p7', 'Adobe Adobe Commerce B2B <=1.3.4-p14', 'Adobe Adobe Commerce B2B <=1.3.3-p15', 'Adobe Adobe Commerce <=2.4.9-alpha2', 'Adobe Adobe Commerce <=2.4.8-p2', 'Adobe Adobe Commerce <=2.4.7-p7', 'Adobe Adobe Commerce <=2.4.6-p12', 'Adobe Adobe Commerce <=2.4.5-p14', 'Adobe Adobe Commerce <=2.4.4-p15']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-54236",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-54236"
    }
  },
  "description": "Adobe Commerce\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u79cd\u9762\u5411\u5546\u5bb6\u548c\u54c1\u724c\u7684\u5168\u7403\u9886\u5148\u7684\u6570\u5b57\u5546\u52a1\u89e3\u51b3\u65b9\u6848\u3002\n\nAdobe Commerce\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/magento/apsb25-88.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-21417",
  "openTime": "2025-09-17",
  "patchDescription": "Adobe Commerce\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u79cd\u9762\u5411\u5546\u5bb6\u548c\u54c1\u724c\u7684\u5168\u7403\u9886\u5148\u7684\u6570\u5b57\u5546\u52a1\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nAdobe Commerce\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Commerce\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2025-21417\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Magento Open Source \u003c=2.4.9-alpha2",
      "Adobe Magento Open Source \u003c=2.4.8-p2",
      "Adobe Magento Open Source \u003c=2.4.7-p7",
      "Adobe Magento Open Source \u003c=2.4.6-p12",
      "Adobe Magento Open Source \u003c=2.4.5-p14",
      "Adobe Adobe Commerce B2B \u003c=1.5.3-alpha2",
      "Adobe Adobe Commerce B2B \u003c=1.5.2-p2",
      "Adobe Adobe Commerce B2B \u003c=1.4.2-p7",
      "Adobe Adobe Commerce B2B \u003c=1.3.4-p14",
      "Adobe Adobe Commerce B2B \u003c=1.3.3-p15",
      "Adobe Adobe Commerce \u003c=2.4.9-alpha2",
      "Adobe Adobe Commerce \u003c=2.4.8-p2",
      "Adobe Adobe Commerce \u003c=2.4.7-p7",
      "Adobe Adobe Commerce \u003c=2.4.6-p12",
      "Adobe Adobe Commerce \u003c=2.4.5-p14",
      "Adobe Adobe Commerce \u003c=2.4.4-p15"
    ]
  },
  "referenceLink": "https://helpx.adobe.com/security/products/magento/apsb25-88.html",
  "serverity": "\u9ad8",
  "submitTime": "2025-09-11",
  "title": "Adobe Commerce\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2025-21417\uff09"
}

FKIE_CVE-2025-54236

Vulnerability from fkie_nvd - Published: 2025-09-09 14:15 - Updated: 2026-05-12 22:00

CISA KEV

Severity

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
psirt@adobe.com	https://helpx.adobe.com/security/products/magento/apsb25-88.html	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento	Broken Link, Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236	US Government Resource

Impacted products

Vendor	Product	Version
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.5
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.6
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.7
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce	2.4.8
adobe	commerce	2.4.9
adobe	commerce	2.4.9
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.3
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.3.4
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.4.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.2
adobe	commerce_b2b	1.5.3
adobe	commerce_b2b	1.5.3
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.5
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.6
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.7
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.8
adobe	magento	2.4.9
adobe	magento	2.4.9

JSON

To clipboard

{
  "cisaActionDue": "2025-11-14",
  "cisaExploitAdd": "2025-10-24",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p14:*:*:*:*:*:*",
              "matchCriteriaId": "8412C043-64E7-4DFF-A303-13A6FE113BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p15:*:*:*:*:*:*",
              "matchCriteriaId": "BBDA2BCF-E784-4CF3-B30D-6FF5BEE2055F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*",
              "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6423C754-36F9-4680-9211-60940ED63E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p14:*:*:*:*:*:*",
              "matchCriteriaId": "3472064A-8C79-436B-965A-96834AE8D346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*",
              "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*",
              "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*",
              "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*",
              "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*",
              "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*",
              "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*",
              "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p11:*:*:*:*:*:*",
              "matchCriteriaId": "47A86566-DE38-4032-947D-B6181F0BC120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B7D1D684-CE7E-4D6D-95B5-1F86A8DB6C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*",
              "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*",
              "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*",
              "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*",
              "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*",
              "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*",
              "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*",
              "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*",
              "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*",
              "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*",
              "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p6:*:*:*:*:*:*",
              "matchCriteriaId": "13726DEE-FFCB-447B-9FFF-136F132F2C4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p7:*:*:*:*:*:*",
              "matchCriteriaId": "1A9443CE-AE1F-4D66-9C88-5E2E3FD28EE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6D05A958-9749-486A-A149-C21647CDCADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C9E12B43-AD3E-48A2-9042-5586186CA3BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:p1:*:*:*:*:*:*",
              "matchCriteriaId": "C267AF14-7BA8-4D1F-BCD9-BE3ED0DA3D25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:p2:*:*:*:*:*:*",
              "matchCriteriaId": "B4947C63-CFD9-437B-A09E-A197DCE40095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.9:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "37F32F70-7B2A-4BAB-B3F0-AFF5C04CCDED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce:2.4.9:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "8B6B7609-6A8E-4154-BC05-2A9099909684",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "E396FB4F-B20A-4BF9-8FBD-014A0F197F08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*",
              "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*",
              "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*",
              "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*",
              "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:*:*:*:*:*:*",
              "matchCriteriaId": "F9258027-8A6A-4C6A-BC6F-349B6E03D828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:*:*:*:*:*:*",
              "matchCriteriaId": "934C52C7-8751-481E-BAA7-F631C4E31F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "5677B7E2-FA07-4536-96A9-2C64BEFD3751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "2DCD1522-6E27-474F-9FC6-413409D6AD55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "B7968FCA-CCFD-4222-8FB8-E6E21107944F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "8C175A1F-7814-4C51-A7B7-AD5140F0688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "E66CBFB3-40C3-474A-A3A3-12135F610814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:*:*:*:*:*:*",
              "matchCriteriaId": "F51DFA17-1875-41A9-B141-D89BB6238B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:*:*:*:*:*:*",
              "matchCriteriaId": "5A4D10EF-9137-4DF5-A5DD-97907E8B4C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0DC76-7181-4954-A59E-AB7BB47D0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "374E7EDD-512A-4633-A136-01A656935334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*",
              "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*",
              "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*",
              "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:*:*:*:*:*:*",
              "matchCriteriaId": "EB9955CA-7E7B-40D3-A85D-58BB0D9AC897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:*:*:*:*:*:*",
              "matchCriteriaId": "5D0A17AC-D433-47C2-A1AC-88291DCCECCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "0E9D364A-C858-4160-8B8B-33ECF94796D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "61559E50-581E-40FF-9FD4-10192ECFCD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DE3BFB41-5633-4167-B1EA-9E958BCE9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "F2C525D2-837D-486A-8B38-5634AE2ECE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "6F220229-F2DF-4C9D-90A6-8B09F8BE3391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "63AB9506-3F8E-4C2E-A859-2380431C15A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:*:*:*:*:*:*",
              "matchCriteriaId": "51B76658-EA6B-4AC9-9D9C-374C5308D069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "500E3A54-D7C7-4887-9EA6-7DF85389A831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:*:*:*:*:*:*",
              "matchCriteriaId": "ED6FFC1D-E921-4FF7-9928-015630613FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "79CBDF59-EB84-44D3-81CF-5CBF943B411E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "2117B163-D88E-4EB4-AEA7-F27FB732BD48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "508EE0EF-D54A-4834-84AB-FFC62040FDAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4D7C6592-33B0-4586-8178-E8F4EB837B7F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p13:*:*:open_source:*:*:*",
              "matchCriteriaId": "E99C1F27-68C9-481F-B01D-8B58B0AFB437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p14:*:*:open_source:*:*:*",
              "matchCriteriaId": "D4A3F4C7-8784-43BD-A11B-E66872DD8812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p11:*:*:open_source:*:*:*",
              "matchCriteriaId": "AE724531-422D-4ABB-98F5-2C0B1BBEF031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p12:*:*:open_source:*:*:*",
              "matchCriteriaId": "BB499397-0E40-45B0-A7E9-BEFCC909DD07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*",
              "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*",
              "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*",
              "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*",
              "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*",
              "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*",
              "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*",
              "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*",
              "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p6:*:*:open_source:*:*:*",
              "matchCriteriaId": "082F8B60-ECC5-4C55-BBFE-A0C8A3E95590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p7:*:*:open_source:*:*:*",
              "matchCriteriaId": "A7B83AD4-3134-414A-80E3-106C3C0F975A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*",
              "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta1:*:*:open_source:*:*:*",
              "matchCriteriaId": "59C10C74-FDB1-46EC-8F41-F3AC24AEFB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*",
              "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:p1:*:*:open_source:*:*:*",
              "matchCriteriaId": "524F64B6-F7F7-4926-884F-E9448636007C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.8:p2:*:*:open_source:*:*:*",
              "matchCriteriaId": "9F56F919-69B6-4A77-B8CE-F13409542F14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.9:alpha1:*:*:open_source:*:*:*",
              "matchCriteriaId": "E34849F7-54EE-4E4C-9184-3DE9C30E12AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:magento:2.4.9:alpha2:*:*:open_source:*:*:*",
              "matchCriteriaId": "4E21DFF0-9F15-44D2-B78A-097BF3ACD752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction."
    }
  ],
  "id": "CVE-2025-54236",
  "lastModified": "2026-05-12T22:00:01.607",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "psirt@adobe.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-09T14:15:46.563",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "psirt@adobe.com",
      "type": "Secondary"
    }
  ]
}

GHSA-WH92-6Q6G-PX7J

Vulnerability from github – Published: 2025-09-09 15:31 – Updated: 2025-10-27 15:13

Summary

Magento Community Edition Improper Input Validation vulnerability

Details

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.

Severity

9.1 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.4.5-p14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.6"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.6-p1"
            },
            {
              "last_affected": "2.4.6-p12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.5"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.9-alpha1"
            },
            {
              "last_affected": "2.4.9-alpha2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.7"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.8"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.7-beta1"
            },
            {
              "last_affected": "2.4.7-p7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.8-beta1"
            },
            {
              "last_affected": "2.4.8-p2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "versions": [
        "2.4.9"
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/project-community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-54236"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-10T20:40:00Z",
    "nvd_published_at": "2025-09-09T14:15:46Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.",
  "id": "GHSA-wh92-6q6g-px7j",
  "modified": "2025-10-27T15:13:09Z",
  "published": "2025-09-09T15:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54236"
    },
    {
      "type": "WEB",
      "url": "https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/magento/magento2"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html"
    },
    {
      "type": "WEB",
      "url": "https://nullsecurityx.codes/cve-2025-54236-sessionreaper-unauthenticated-rce-in-magento"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Magento Community Edition Improper Input Validation vulnerability"
}

NCSC-2025-0284

Vulnerability from csaf_ncscnl - Published: 2025-09-10 10:49 - Updated: 2025-09-10 10:49

Summary

Kwetsbaarheid verholpen in Adobe Commerce en Magento

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Adobe heeft een kwetsbaarheid verholpen in Adobe Commerce en Magento.

Interpretaties: De kwetsbaarheid bevindt zich in de wijze waarop invoer wordt gevalideerd in Adobe Commerce en Magento. Deze kwetsbaarheid stelt aanvallers in staat om sessieovername-aanvallen uit te voeren zonder enige interactie van de gebruiker, wat de vertrouwelijkheid en integriteit van gebruikerssessies kan compromitteren.

Oplossingen: Adobe heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CVE-2025-54236

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Adobe / Adobe Commerce		vers:unknown/*
vers:unknown/* Adobe / Adobe Commerce B2B		vers:unknown/*
vers:unknown/* Adobe / Magento Open Source		vers:unknown/*

References

2 references

URL	Category
https://helpx.adobe.com/security/products/magento…	external
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Adobe heeft een kwetsbaarheid verholpen in Adobe Commerce en Magento.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheid bevindt zich in de wijze waarop invoer wordt gevalideerd in Adobe Commerce en Magento. Deze kwetsbaarheid stelt aanvallers in staat om sessieovername-aanvallen uit te voeren zonder enige interactie van de gebruiker, wat de vertrouwelijkheid en integriteit van gebruikerssessies kan compromitteren. ",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Adobe heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html"
      }
    ],
    "title": "Kwetsbaarheid verholpen in Adobe Commerce en Magento",
    "tracking": {
      "current_release_date": "2025-09-10T10:49:56.787627Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0284",
      "initial_release_date": "2025-09-10T10:49:56.787627Z",
      "revision_history": [
        {
          "date": "2025-09-10T10:49:56.787627Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Adobe Commerce"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Adobe Commerce B2B"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Magento Open Source"
          }
        ],
        "category": "vendor",
        "name": "Adobe"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-54236",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-54236 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54236.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-54236"
    }
  ]
}

WID-SEC-W-2025-1999

Vulnerability from csaf_certbund - Published: 2025-09-08 22:00 - Updated: 2025-10-22 22:00

Summary

Adobe Magento SessionReaper: Schwachstelle ermöglicht Umgehung von Sicherheitsmaßnahmen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Magento ist ein Online-Shop System von Adobe.

Angriff: Ein Angreifer kann eine Schwachstelle in Adobe Magento ausnutzen, um Sicherheitsmaßnahmen zu umgehen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2025-54236

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Adobe Magento Adobe / Magento	`cpe:/a:adobe:magento:-`	—
Adobe Magento <Hotfix for CVE-2025-54236 Adobe / Magento		<Hotfix for CVE-2025-54236

References

6 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://sansec.io/research/sessionreaper	external
https://securityonline.info/adobe-issues-emergenc…	external
https://helpx.adobe.com/security/products/magento…	external
https://sansec.io/research/sessionreaper-exploitation	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Magento ist ein Online-Shop System von Adobe.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann eine Schwachstelle in Adobe Magento ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1999 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1999.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1999 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1999"
      },
      {
        "category": "external",
        "summary": "Sansec Research vom 2025-09-08",
        "url": "https://sansec.io/research/sessionreaper"
      },
      {
        "category": "external",
        "summary": "SecurityOnline vom 2025-09-08",
        "url": "https://securityonline.info/adobe-issues-emergency-patch-for-sessionreaper-cve-2025-54236-one-of-magentos-most-critical-flaws/"
      },
      {
        "category": "external",
        "summary": "Adobe Security Bulletin APSB25-88 vom 2025-09-09",
        "url": "https://helpx.adobe.com/security/products/magento/apsb25-88.html"
      },
      {
        "category": "external",
        "summary": "Sansec Research vom 2025-10-22",
        "url": "https://sansec.io/research/sessionreaper-exploitation"
      }
    ],
    "source_lang": "en-US",
    "title": "Adobe Magento SessionReaper: Schwachstelle erm\u00f6glicht Umgehung von Sicherheitsma\u00dfnahmen",
    "tracking": {
      "current_release_date": "2025-10-22T22:00:00.000+00:00",
      "generator": {
        "date": "2025-10-23T07:43:27.821+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1999",
      "initial_release_date": "2025-09-08T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-09-08T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-09-09T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von European Union Vulnerability Database und Adobe aufgenommen"
        },
        {
          "date": "2025-10-22T22:00:00.000+00:00",
          "number": "3",
          "summary": "Aktive Ausnutzung gemeldet"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Adobe Magento",
                "product": {
                  "name": "Adobe Magento",
                  "product_id": "T046802",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:magento:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cHotfix  for CVE-2025-54236",
                "product": {
                  "name": "Adobe Magento \u003cHotfix  for CVE-2025-54236",
                  "product_id": "T046808"
                }
              },
              {
                "category": "product_version",
                "name": "Hotfix  for CVE-2025-54236",
                "product": {
                  "name": "Adobe Magento Hotfix  for CVE-2025-54236",
                  "product_id": "T046808-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:adobe:magento::hotfix__for_cve-2025-54236"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Magento"
          }
        ],
        "category": "vendor",
        "name": "Adobe"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-54236",
      "product_status": {
        "known_affected": [
          "T046802",
          "T046808"
        ]
      },
      "release_date": "2025-09-08T22:00:00.000+00:00",
      "title": "CVE-2025-54236"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-54236 (GCVE-0-2025-54236)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solutions

Solutions

Tags

Sightings

Nomenclature