
sessionreaper

Here is 1 public repository matching this topic...

Patch for CVE-2025-54236 (a.k.a. Session Reaper), which allows customer account takeover and RCE under certain conditions. This patch is actually a Magento 2 extension and is universally compatible with Magento 2.3 & 2.4. If you cannot upgrade Magento or cannot apply the official hotfix, try this one.

  • Updated Nov 9, 2025
  • PHP
