wubinworks/module-session-reaper-patch
======================================

Patch for CVE-2025-54236 (a.k.a. Session Reaper), which allows customer account takeover and RCE under certain conditions. This patch is a Magento 2 extension and is universally compatible with Magento 2.3 & 2.4. If you cannot upgrade Magento or cannot apply the official hotfix, try this one.

1.0.1 (7mo ago) · 3415 · OSL-3.0 · PHP · PHP >=7.1

Since Oct 19 · Pushed 7mo ago

[Source](https://github.com/wubinworks/magento2-session-reaper-patch) · [Packagist](https://packagist.org/packages/wubinworks/module-session-reaper-patch) · [Docs](https://www.wubinworks.com/session-reaper-patch.html)

Magento 2 Session Reaper Patch for CVE-2025-54236
=================================================

Background
----------

### CVSS score

**9.1 CRITICAL**

### Official information

- [Published on 2025-09-09](https://helpx.adobe.com/security/products/magento/apsb25-88.html)
- [Hotfix](https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397)

### How can an attacker damage your store?

- Customer account takeover
- RCE under certain conditions

Feature
-------

- Fixes the CVE-2025-54236 (a.k.a. Session Reaper) vulnerability

#### Compatibility

*No `preference` is used, so your Magento is still upgradable.*

#### Behavior difference

*The official fix still allows a dangerous parameter to reach `Setter`s; this patch does not allow it.*

Requirements
------------

Magento/Adobe Commerce 2.3 or 2.4

Installation
------------

```
composer require wubinworks/module-session-reaper-patch
```

♥
-

If you like this extension or this extension helped you, please ***share*** and ***★star☆*** [this repository](https://github.com/wubinworks/magento2-session-reaper-patch), it's not hard!

### You may also like these extensions

#### Security

- [Magento 2 Cosmic Sting Patch for CVE-2024-34102](https://github.com/wubinworks/magento2-cosmic-sting-patch "Magento 2 Cosmic Sting Patch for CVE-2024-34102")
- [Magento 2 Trojan Orders Patch for CVE-2022-24086, CVE-2022-24087](https://github.com/wubinworks/magento2-template-filter-patch "Magento 2 Trojan Orders Patch for CVE-2022-24086, CVE-2022-24087")
- [Magento 2 Enhanced XML Security](https://github.com/wubinworks/magento2-enhanced-xml-security "Magento 2 Enhanced XML Security")
- [Magento 2 Encryption Key Manager CLI](https://github.com/wubinworks/magento2-encryption-key-manager-cli "Magento 2 Encryption Key Manager CLI")
- [Magento 2 JWT Authentication Patch](https://github.com/wubinworks/magento2-jwt-auth-patch "Magento 2 JWT Authentication Patch")

#### Feature

- [Magento 2 Free Sitemap Based Cache Warmer Extension](https://github.com/wubinworks/magento2-free-cache-warmer "Magento 2 Free Sitemap Based Cache Warmer Extension")
- [Magento 2 Disable Customer Extension](https://github.com/wubinworks/magento2-disable-customer "Magento 2 Disable Customer Extension")
- [Magento 2 Disable Customer Change Email Extension](https://github.com/wubinworks/disable-change-email "Magento 2 Disable Customer Change Email Extension")
- [Magento 2 Price Formatter Extension](https://github.com/wubinworks/magento2-price-formatter "Magento 2 Price Formatter Extension")
