A Magento 2 module designed to address a potential security concern related to custom options. It ensures that custom option values are correctly validated before processing, preventing unauthorized 'file' type injections.
24 Mar 2026
Mitigates the PolyShell vulnerability (APSB25-94) — an unrestricted file upload in the Magento REST API that allows attackers to upload executable files via cart item custom option file uploads.
24 Mar 2026
This module provides a dashboard inside the Magento admin to view your composer packages: What packages are installed? Are they up to date? Are there any security advisories for these packages?
A Magento 2 security module that disables the unauthenticated customer address file upload endpoint to protect against CVE-2025-54236 (SessionReaper) and related file upload vulnerabilities.
14 Nov 2025
Deploying patches is simple for in-house development teams or smaller Agencies maintaining only a few stores. Manually applying patches per project is simple, but doesn’t scale well. Both from time cost and security exposure perspectives.
11 Nov 2025
How to guide on checking if your Magento 2 store is safe from the Session Reaper (CVE-2025-54236) exploit. And guidance on how to patch and secure your site if it is not.
11 Nov 2025
Since Searchlight Cyber published a technical write up and proof-of-concept for the SessionReaper vulnerability, attackers have been mass scanning Magento / Adobe Commerce stores for vulnerable targets. The first phase of the attack involves uploading a payload containing malicious session data to the server.
11 Nov 2025
This is a Magento 2 extension that prevents file uploads to /customer/address_file/upload endpoint which is used in combination with an flaw in Magento's logic to upload code and then execute it for CVE-2025-54236.
11 Nov 2025
A recent vulnerability in Adobe's e-commerce platform, identified as CVE-2025-54236, poses risks of remote code execution, particularly through file-based session storage, which can be exploited by unauthenticated users. The article analyzes the patch related to this vulnerability, its deserialization mechanisms, and offers insights into potential exploitation methods and vulnerabilities remaining in the application. The narrative provides a deep dive into the exploit chain and necessary payloads while exploring the implications of session management and type handling in the context of security.
28 Oct 2025
Magebean provides a security audit tool that helps identify vulnerabilities in a web application, highlighting critical, high, and medium issues. An example report indicates outdated core software, default admin routes, and permission misconfigurations. For more details and download options, visit their website.