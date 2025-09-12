Protection from CVE-2025-54236 (Adobe Commerce and Magento Open Source Unauthenticated API Access)

An unauthenticated API access vulnerability has been found in Adobe Commerce and Magento Open Source, and has been assigned CVE-2025-54236. Fastly has created a virtual patch for it that is now available within your account. To activate it and add protection to your services, follow the steps for your control panel below.

Next-Gen WAF control panel

Professional or Premier platform Essentials platform Log in to the Next-Gen WAF control panel. From the Sites menu, select a site if you have more than one site. From the Rules menu, select Templated Rules. In the search bar, enter CVE-2025-54236 and then click View for the CVE-2025-54236 templated rule. Click Configure and then Add trigger. Select the Block requests from an IP immediately if the CVE-2025-54236 signal is observed checkbox. Click Update rule.

Fastly control panel