CVE-2025-54236 (SessionReaper) is a critical unauthenticated Remote Code Execution vulnerability (CVSS 9.1) affecting Magento 2 / Adobe Commerce.
- Attack Vector:
/customer/address_file/uploadendpoint - Impact: Unauthenticated RCE via Phar deserialization