A Magento 2 security module that disables the unauthenticated customer address file upload endpoint to protect against CVE-2025-54236 (SessionReaper) and related file upload vulnerabilities.
14 Nov 2025
Since Searchlight Cyber published a technical write-up and proof-of-concept for the SessionReaper vulnerability, attackers have been mass-scanning Magento / Adobe Commerce stores for vulnerable targets. The first phase of the attack involves uploading a payload containing malicious session data to the server.
11 Nov 2025