COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-54236

CVE-2025-54236

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-10-24
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-54236
⌖ exploited in the wild shame 50/100 exploited-in-wild

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.

Players implicated

Adobe · vendorCommerce and Magento · product

Description

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.

Affected FedRAMP products 8 in the catalog

ProductProviderStatusMatch
Adobe Acrobat Sign for Government Adobe Authorized vendor-exact · 0.90
Adobe Analytics Adobe Authorized vendor-exact · 0.90
Adobe Campaign Adobe Authorized vendor-exact · 0.90
Adobe Connect Managed Services (ACMS-GC) Adobe Authorized vendor-exact · 0.90
Adobe Creative Cloud for Enterprise Adobe Authorized vendor-exact · 0.90
Adobe Document Cloud (PDF Services & Adobe Sign) Adobe Authorized vendor-exact · 0.90
Adobe Experience Manager Managed Services (AEMMS-GC) Adobe Authorized vendor-exact · 0.90
Adobe Learning Manager Adobe Authorized vendor-exact · 0.90