PolyShell Vulnerability Exposes Adobe Commerce and Magento to Remote Code Execution

Summary Sansec reports "PolyShell," an unrestricted file upload vulnerability (CVE-2025-20720) in Magento and Adobe Commerce that allows unauthenticated attackers to achieve remote code execution via the REST API. Take Action: If you are using Adobe Commerce and Magento Open Source, restrict web server access to the pub/media/custom_options/ directory to prevent the execution of uploaded malicious scripts. Since a production patch is currently not afailable, deploy a web application firewall to block exploit attempts in real-time. Read the full article on BeyondMachines This article was originally published on BeyondMachines

PolyShell Vulnerability Exposes Adobe Commerce and Magento to Remote Code Execution

Related Articles

My home network observes bedtime with OpenBSD and pf

What Is URL Encoding and Why Does Your Link Look Like %20%3F%26

The secret story of the vocoder, the military tech that changed music forever

Programming Is Not Just About Syntax

How I Actually Start Low-Level Design Before Thinking About Design Patterns

Related Articles

News
My home network observes bedtime with OpenBSD and pf
Lobsters • 17m ago

News
What Is URL Encoding and Why Does Your Link Look Like %20%3F%26
Medium Programming • 38m ago

News
The secret story of the vocoder, the military tech that changed music forever
The Verge • 43m ago

News
Programming Is Not Just About Syntax
Medium Programming • 45m ago

News
How I Actually Start Low-Level Design Before Thinking About Design Patterns
Medium Programming • 49m ago