The latest in Magento land
Do you know that feeling? You worked long and hard on that blog post? Or that super wicked Magento extension? And then you hit publish and... nothing. No one reads it. No one sees it. It just sits there. Well, not anymore! Mage Dispatch is here to help you get your content out there.
Mage Dispatch is a newsletter for the community and by the community. Here you can share links that you think the community should know about. We will include them in our next newsletter.
https://slcyber.io/assetnote-security-research-center/why-nested-deserialization-is-still-harmful-magento-rce-cve-2025-54236/
CVE-2025-54236, a recent vulnerability in Adobe's e-commerce platform, poses a risk of remote code execution by unauthenticated users, particularly where file-based session storage is in use. The article analyzes the patch for this vulnerability and the deserialization mechanisms involved, and offers insights into potential exploitation methods and vulnerabilities remaining in the application. It provides a deep dive into the exploit chain and the necessary payloads, and explores the security implications of session management and type handling.
28 Oct 2025