Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
PoC: SessionReaper-CVE-2025-54236
PoC Magento Session Reaper - CVE-2025-54236
PoC: session_reaper_lab
Docker environment for a hands-on demonstration of CVE-2025-54236 (SessionReaper): PHP object deserialization leading to RCE in Magento Open Source 2.4.7
PoC: magento-upload-auto-submit-zoneh
SessionReaper-CVE-2025-54236
PoC: CVE-2025-54236_PoC
CVE-2025-54236
PoC: cve-2025-54236
cve-2025-54236 poc
PoC: CVE-2025-54236
CVE-2025-54236 - Magento Remote Code Execution Exploit
PoC: magento2-session-reaper-patch
Patch for CVE-2025-54236 (a.k.a. Session Reaper), which allows customer account takeover and RCE under certain conditions. This patch is actually a Magento 2 extension and is universally compatible with Magento 2.3 and 2.4. If you cannot upgrade Magento or cannot apply the official hotfix, try this one.
PoC: day01-sessionreaper-lab
This is a tiny lab that simulates the core idea reported for CVE-2025-54236 ("SessionReaper").