wubinworks / module-session-reaper-patch
Patch for CVE-2025-54236 (a.k.a. Session Reaper), which allows customer account takeover and, under certain conditions, RCE. The patch is delivered as a Magento 2 extension and is universally compatible with Magento 2.3 and 2.4. If you cannot upgrade Magento or cannot apply the official hotfix, try this one.
Installs: 5
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Type: magento2-module
pkg:composer/wubinworks/module-session-reaper-patch
Requires
- php: >=7.1
- magento/magento2-base: ~2.3.0 || ~2.4.0
This package is not auto-updated.
Last update: 2025-10-20 10:52:24 UTC
README
Background
CVSS score
9.1 CRITICAL
Official information
What damage can an attacker do to your store?
- Customer account takeover
- RCE under certain conditions
Feature
- Fixes the CVE-2025-54236 (a.k.a. Session Reaper) vulnerability
Compatibility
This extension does not use a preference, so your Magento installation remains upgradable.
Requirements
Magento/Adobe Commerce 2.3 or 2.4
Installation
composer require wubinworks/module-session-reaper-patch
♥
If you like this extension or it helped you, please share and ★star☆ this repository. It's not hard!
You may also like these extensions
Security
- Magento 2 Cosmic Sting Patch for CVE-2024-34102
- Magento 2 Trojan Orders Patch for CVE-2022-24086, CVE-2022-24087
- Magento 2 Enhanced XML Security
- Magento 2 Encryption Key Manager CLI
- Magento 2 JWT Authentication Patch