Patch for CVE-2025-54236(a.k.a Session Reaper) which allows customer account takeover and RCE under certain conditions. This patch is actually a Magento 2 extension and universal compatible for Magento 2.3 & 2.4. If you cannot upgrade Magento or cannot apply the official hotfix, try this one.
security rce vulnerability patch magento2-extension cve-2025-54236 sessionreaper session-reaper session-takeover customer-account-takeover
-
Updated
Nov 9, 2025 - PHP