CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Nov 14, 2025
High
CISA KEV
CVE-2025-54236
Adobe—Commerce and Magento
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
Required Action
https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54236
Vulnerability Overview
- Severity: High
- CISA KEV: Yes
- Ransomware: Unknown
- Published: Oct 24, 2025
- KEV Added: Oct 24, 2025
- Due Date: Nov 14, 2025
Vendor
Adobe
Commerce and Magento