CVE-2025-54236Adobe Commerce and Magento Improper Input Validation Vulnerability

PUBLISHEDvulnerability record
2025-10-24 · last modified October 24, 2025

Metadata

CVE ID:
CVE-2025-54236
Project:
Adobe
Product:
Commerce and Magento
Date Added:
2025-10-24
Due Date:
2025-11-14
Last Updated:
October 24, 2025

Vulnerability Name

Adobe Commerce and Magento Improper Input Validation Vulnerability

Description

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

Related Weaknesses