Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Adobe Commerce Improper Input Validation Vulnerability Leading to Session Takeover

Vulnerability

An improper input validation vulnerability has been identified in Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier. An attacker can exploit this vulnerability to achieve session takeover, significantly increasing the risk to confidentiality and integrity. Notably, exploitation does not require any user interaction.

Impact

Successful exploitation of this vulnerability can lead to session takeover, allowing an attacker to impersonate a user and potentially access or modify sensitive information.

Remediation

Users are advised to update to the latest version of Adobe Commerce. A hotfix for this vulnerability is available and compatible with all Adobe Commerce versions between 2.4.4 and 2.4.7. For more details, refer to the Release Notes for the hotfix on CVE-2025-54236.

Added: Sep 9, 2025, 2:17 PM
Updated: Oct 24, 2025, 5:08 PM

Vulnerability Rating

Custom Algorithm
spread:         6.4
impact:         5.0
exploitability: 9.3
remediation:    7.0
relevance:      0.5
threat:         9.4
urgency:        2.9
incentive:      5.8

Our algorithm analyzes dozens of metrics to produce the scores for these 8 key vulnerability categories, which are then combined to calculate the overall risk score.