{
  "canonical_id": "magento-open-source--85342933d9",
  "system_id": "magento-open-source",
  "title": "SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236)   2025-09-08  SessionReaper (CVE-2025-54236) is a critical bug in Magento & Adobe Commerce. The bug may hand full control of a store to unauthenticated attackers. Automated attacks have hit over 50% of all stores globally. Merchants should act immediately.   skimming   CVE-2025-54236   magento   adobe-commerce   +5",
  "reasons": [
    "missing affected/fixed version details"
  ],
  "candidate_count": 1,
  "references": [
    "https://sansec.io/research/sessionreaper"
  ]
}