CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2022-24086

CVSS 9.8v3.1pub. 2022-02-16upd. 2025-10-23

Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Adobe Commerce

    APP
    Adobe
    2.3.72.4.32.3.3 – 2.3.62.4.0 – 2.4.2< 2.3.0
  • Adobe Magento

    APP
    Adobe
    2.3.72.4.32.4.0 – 2.4.2≤ 2.3.6< 2.3.0

CISA KEV — detailsi

Vendori
Adobe
Producti
Commerce and Magento Open Source
Added to KEVi
February 15, 2022
Remediation deadline (US Federal)i
March 1, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 1 marca 2022
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-54236CRITICAL9.1⚠ KEVPL ✓ten sam produkt

Adobe Commerce/Magento — przejęcie sesji przez Improper Input Validation

CVE-2024-34102CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Krytyczna podatność XXE w Adobe Commerce umożliwiająca RCE

CVE-2025-24434CRITICAL9.1PL ✓ten sam produkt

Adobe Commerce — Incorrect Authorization umożliwiające privilege escalation

CVE-2024-45115CRITICAL9.8PL ✓ten sam produkt

Adobe Commerce — nieprawidłowe uwierzytelnienie umożliwiające privilege escalation

CVE-2024-39397CRITICAL9.0PL ✓ten sam produkt

Adobe Commerce — RCE poprzez nieograniczony upload niebezpiecznych plików