An improper input validation vulnerability in Adobe Commerce and an alarming Windows Server Update Services issue have been added to the US cyber agency’s KEV catalogue.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog – a Microsoft vulnerability that has been alarming analysts, alongside a vulnerability in the Adobe Commerce e-commerce platform.
Cyber Daily has already covered CVE-2025-59287 in detail here, but long story short, it’s a vulnerability in Windows Server Update Services (WSUS) that has been actively exploited since an initial Microsoft update failed to properly mitigate the issue.
Both the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) and CISA released alerts regarding the critical remote code execution vulnerability, with watchTowr boss Benjamin Harris saying that exploitation is widespread and indiscriminate.
“If an unpatched WSUS instance is online, at this stage it has likely already been compromised,” Harris told Cyber Daily.
“There really is no legitimate reason in 2025 to have WSUS accessible from the internet – any organisation in that situation likely needs guidance to understand how they ended up in this position.”
CVE-2025-54236, however, is an improper input validation vulnerability in Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier; and in versions of Magento Open Source. It could allow an attacker to gain control of a session, and does not require user interaction.
The vulnerability was initially disclosed by Adobe in early September, with the company noting at the time that it was not aware of any in-the-wild exploits targeting the vulnerability. It was rated critical severity and given a CVSS score of 9.1.
A hotfix was released at the time, and for those yet to patch, it can be found here.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.