Archive of posts with category 'RCE'

CVE-2025-54236 (SessionReaper) - Magento RCE via Nested Deserialization

Table of Contents Executive Summary Background: Magento’s Web API Framework The Vulnerable Endpoint Request Processing Flow Understanding the Deserialization Process The Exploitation Chain Exploiting for RCE The Patch Analysis Affected...