An emergency Magento patch for CVE-2025-54236 is expected within 24 hours from Adobe on September 9th 2025.
This patch fixes a critical vulnerability, SessionReaper, which has been classed as severe and should be applied by all developers upon release.
As always we recommend a test and deploy strategy as soon as the patch is made available.
Updated information from adobe is available here
