Adobe Commerce B2B Improper Input Validation (APSB25-88)

critical Nessus Plugin ID 265751

Synopsis

The Adobe Commerce B2B instance installed on the remote host is missing a security patch.

Description

The version of Adobe Commerce B2B installed on the remote host is affected by a vulnerability as referenced in the APSB25-88 advisory.

- Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction. (CVE-2025-54236)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the Adobe Commerce/Magento Open Source version advised in the APSB25-88 advisory.

See Also

http://www.nessus.org/u?e35841c8

http://www.nessus.org/u?ff4386b4

Plugin Details

Severity: Critical

ID: 265751

File Name: adobe_commerce_btb_apsb25-88.nasl

Version: 1.2

Type: local

Agent: unix

Family: Misc.

Published: 9/23/2025

Updated: 10/24/2025

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.5

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2025-54236

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:commerce_b2b

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/9/2025

Vulnerability Publication Date: 9/9/2025

CISA Known Exploited Vulnerability Due Dates: 11/14/2025

Reference Information

CVE: CVE-2025-54236