What is CVE-2026-25524?

CVE-2026-25524 is a high-severity vulnerability in Openmage Magento-lts, classified under Deserialization of Untrusted Data. CVSS score: 8.1/10. Published 2026-04-20.

How severe is CVE-2026-25524?

High severity. CVSS v3 base score is 8.1 out of 10.

Deserialization in Openmage Magento-lts

CVE-2026-25524

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions su…

Vulnerability class: Insecure Deserialization

EPSS: 0.004 (60.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Openmage Magento-lts — versions < 20.17.0

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

References

https://github.com/OpenMage/magento-lts/security/advisories/GHSA-fg79-cr9c-7369 (x_refsource_CONFIRM)
https://github.com/OpenMage/magento-lts/releases/tag/v20.17.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-25524?: CVE-2026-25524 is a high-severity vulnerability in Openmage Magento-lts, classified under Deserialization of Untrusted Data. CVSS score: 8.1/10. Published 2026-04-20.
How severe is CVE-2026-25524?: High severity. CVSS v3 base score is 8.1 out of 10.