Adobe has released security update APSB25-88 (Sept 9, 2025) for Adobe Commerce and Magento Open Source. This patch addresses a critical vulnerability (CVE-2025-54236, CVSS 9.1) that could allow unauthenticated attackers to bypass security features, potentially leading to data theft or full site compromise. All users running affected versions are strongly advised to update immediately.

Affected Versions

The vulnerability affects Adobe Commerce, Adobe Commerce B2B, and Magento Open Source. Users running the following versions or earlier are urged to take immediate action:

  • Adobe Commerce: ≤ 2.4.9-alpha2, ≤ 2.4.8-p2, ≤ 2.4.7-p7, ≤ 2.4.6-p12, ≤ 2.4.5-p14, ≤ 2.4.4-p15
  • Adobe Commerce B2B: ≤ 1.5.3-alpha2, ≤ 1.5.2-p2, ≤ 1.4.2-p7, ≤ 1.3.4-p14, ≤ 1.3.3-p15
  • Magento Open Source: ≤ 2.4.9-alpha2, ≤ 2.4.8-p2, ≤ 2.4.7-p7, ≤ 2.4.6-p12, ≤ 2.4.5-p14
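
A triage helper for checking an inventory against the list above, added here as an example and not taken from Adobe or the original page. It assumes each "≤" bound applies within its own release line (so 2.4.7-p8 is not caught by the 2.4.8-p2 bound) and that release lines older than the oldest listed one are affected; the function names and the sample inventory are constructed.

```python
import re

# Highest affected version per release line, copied from the list above.
AFFECTED = {
    "Adobe Commerce": ["2.4.9-alpha2", "2.4.8-p2", "2.4.7-p7",
                       "2.4.6-p12", "2.4.5-p14", "2.4.4-p15"],
    "Adobe Commerce B2B": ["1.5.3-alpha2", "1.5.2-p2", "1.4.2-p7",
                           "1.3.4-p14", "1.3.3-p15"],
    "Magento Open Source": ["2.4.9-alpha2", "2.4.8-p2", "2.4.7-p7",
                            "2.4.6-p12", "2.4.5-p14"],
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|p)(\d+))?$")
_STAGE = {"alpha": 0, "beta": 1, None: 2, "p": 2}  # GA sorts as patch level 0


def parse(version):
    """Return ((major, minor, patch), (stage, number)) for strings like 2.4.7-p7."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    base = tuple(int(x) for x in m.group(1, 2, 3))
    return base, (_STAGE[m.group(4)], int(m.group(5) or 0))


def status(product, version):
    """Classify one installation as 'affected', 'not affected' or 'not listed'."""
    base, level = parse(version)
    limits = dict(parse(v) for v in AFFECTED[product])
    if base in limits:
        # Same release line: compare patch levels numerically (p9 < p12).
        return "affected" if level <= limits[base] else "not affected"
    if base < min(limits):
        # Assumption: lines older than the oldest listed one fall under "≤".
        return "affected"
    return "not listed"  # line absent from the list; check the bulletin


if __name__ == "__main__":
    # Constructed inventory, not data from the page.
    for product, version in [("Magento Open Source", "2.4.6-p9"),
                             ("Adobe Commerce", "2.4.7-p8"),
                             ("Adobe Commerce B2B", "1.3.5")]:
        print(f"{product} {version}: {status(product, version)}")
```

A "not listed" result means the release line does not appear in the list at all, so the bulletin should be consulted for that installation.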

Solution

Adobe has provided updated versions for both Adobe Commerce and Magento Open Source to address this vulnerability. Adobe strongly urges users of affected versions to update immediately to the latest patch release to ensure continued security. After applying the patch, Adobe Commerce B2B users should also update to the latest compatible B2B patch.

Detailed installation instructions are available on Adobe’s website.

Why This Matters

  • A critical vulnerability (CVE-2025-54236) affects Adobe Commerce and Magento Open Source.
  • It allows security feature bypass without authentication or admin privileges.
  • Its critical rating (CVSS 9.1) marks it as a high-risk issue.
  • It could lead to unauthorized access, data theft, or full site compromise.

Vulnerability Details

The vulnerability CVE-2025-54236 in Adobe Commerce and Magento Open Source is caused by improper input validation, allowing attackers to bypass security features without requiring authentication or administrative privileges. Rated critical with a CVSS score of 9.1, this flaw poses a severe risk as it could enable unauthorized access and exploitation of affected websites if not patched promptly.

You can find detailed information here: Adobe Security Bulletin APSB25-88.