A critical vulnerability (CVE-2025-54236) has been disclosed in Magento / Adobe Commerce. Adobe has confirmed in a prenotification advisory that an emergency patch will be released on September 9th 2025, ahead of the scheduled year-end update in October.
According to the advisory, Adobe is not currently aware of any exploits in the wild, but this could change quickly once the patch is released and attackers are able to reverse-engineer it to create an exploit.
What You Need to Know
- Patch release date: Scheduled for September 9th 2025, likely around 14:00 UTC
- Impact: Adobe has stated that successful exploitation could lead to a security feature bypass, which in turn could allow attackers to compromise Magento stores.
- Urgency: All merchants should plan to apply the patch immediately once it becomes available.
Recommended Preparations for CVE-2025-54236 patching
- Prepare your teams – ensure development and operations staff are ready to apply and test the patch quickly.
- Review staging environments – confirm you can test and validate the update before pushing to production.
- Increase monitoring – watch logs and admin access closely for unusual activity.
- Consider protective measures – Web Application Firewalls and monitoring can reduce exposure until patched.
How Foregenix Can Help
Our team is ready to:
- Support with patch testing and deployment
- Provide threat monitoring for exploitation attempts
- Implement temporary safeguards where patching is delayed
Next Steps
We strongly recommend treating this as a priority-one security event.
Foregenix will issue an update once the patch is released. Please contact us if you’d like assistance preparing your systems ahead of time.