
Install Immediately: Magento 2 Security Patches MDVA-43395 & MDVA-43443 to Fix RCE Vulnerability

By Sanjay Jethva | Updated on Jun 11, 2025 | 3 min read

If your store runs on Adobe Commerce (2.3.3-p1 – 2.3.7-p2) or Magento Open Source (2.4.0 – 2.4.3-p1), it is at high risk!

Attackers are exploiting a zero-day bug in the above-mentioned Magento versions in the wild, which has forced Adobe to roll out emergency security patches to secure the stores.

The detected remote code execution (RCE) bug can allow attackers to execute arbitrary code on the stores and harm them. Here is how you can secure your online Magento store from the Adobe RCE bug.

The latest security update (APSB25-50) by Adobe was released on June 10, 2025. You can apply the VULN-31609_2.4.X and VULN-31547_2.4.8 patches to fix it.

Critical RCE Bug Discovered in Adobe Commerce & Magento Open Source

On Sunday, Feb 13, 2022, Adobe released an emergency security patch, MDVA-43395, for Magento stores to fix the newly discovered RCE bug in Adobe Commerce and Magento Open Source. “These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution,” mentioned the Adobe security bulletin APSB22-12.

The Common Vulnerabilities and Exposures (CVE) database, which catalogues public security flaws, assigned CVE-2022-24086 as the tracking ID for the vulnerability. It is rated critical with a CVSS score of 9.8/10 and needs to be fixed immediately.

On Feb 17, 2022, Adobe released another security patch, MDVA-43443, to fix the security vulnerability in the affected versions and updated the security tracking ID to CVE-2022-24087, with updated details and information on the improper input validation vulnerability. “In order to stay up to date with the latest protections, customers must apply two patches: MDVA-43395 patch first, and then MDVA-43443 on top of it,” declared Adobe.

Adobe Released MDVA-43395 & MDVA-43443 Security Patches to Fix the Vulnerability


Adobe released the following patches for the affected versions of Adobe Commerce & Magento Open Source:

| Product | Updated Version |
| --- | --- |
| Adobe Commerce 2.4.3 – 2.4.3-p1 | MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip and MDVA-43443_EE_2.4.3-p1_COMPOSER_v1.patch.zip |
| Magento Open Source 2.4.3 – 2.4.3-p1 | MDVA-43395_EE_2.4.3-p1_v1.patch.zip and MDVA-43443_EE_2.4.3-p1_v1.patch.zip |
| Adobe Commerce 2.3.4-p2 – 2.4.2-p2 | MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip and MDVA-43443_EE_2.4.2-p2_COMPOSER_v1.patch.zip |
| Adobe Commerce 2.3.3-p1 – 2.3.4 | MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip and MDVA-43443_EE_2.3.4_COMPOSER_v1.patch.zip |
| Magento Open Source 2.3.3-p1 – 2.3.4 | MDVA-43395_EE_2.4.3-p1_COMPOSER_v1.patch.zip and MDVA-43443_EE_2.3.4_COMPOSER_v1.patch.zip |
|  | MDVA-43395_EE_2.4.3-p1_v1.patch.zip and MDVA-43443_EE_2.3.4_v1.patch.zip |
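
As an added example (not from Adobe or the original article), the Python script below reads a store's composer.lock content, works out the installed product and version, and returns the patch archives from the table above in the order Adobe requires. The Composer metapackage names and the sample lock content are assumptions made for the example, and the table's last row, which names no product, is not encoded.

```python
import json
import re

# Composer metapackage names (assumed, not from the article). Commerce is checked first
# because a Commerce install is assumed to list the community metapackage as well.
EDITIONS = {"magento/product-enterprise-edition": "Adobe Commerce",
            "magento/product-community-edition": "Magento Open Source"}

def pair(second, composer=True):
    """Both archives in the required order: MDVA-43395 first, then MDVA-43443."""
    tag = "_COMPOSER" if composer else ""
    return [f"MDVA-43395_EE_2.4.3-p1{tag}_v1.patch.zip",
            f"MDVA-43443_EE_{second}{tag}_v1.patch.zip"]

# Rows transcribed from the table above; its last row names no product and is left out.
PATCH_TABLE = [
    ("Adobe Commerce", "2.4.3", "2.4.3-p1", pair("2.4.3-p1")),
    ("Magento Open Source", "2.4.3", "2.4.3-p1", pair("2.4.3-p1", composer=False)),
    ("Adobe Commerce", "2.3.4-p2", "2.4.2-p2", pair("2.4.2-p2")),
    ("Adobe Commerce", "2.3.3-p1", "2.3.4", pair("2.3.4")),
    ("Magento Open Source", "2.3.3-p1", "2.3.4", pair("2.3.4")),
]

def parse_version(text):
    """'2.3.4-p2' -> (2, 3, 4, 2); a missing -pN suffix sorts as p0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Magento version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def patches_for(product, version):
    """Ordered patch list for one install, or None if no table row covers it."""
    v = parse_version(version)
    for name, low, high, patches in PATCH_TABLE:
        if name == product and parse_version(low) <= v <= parse_version(high):
            return patches
    return None

def triage_lockfile(lock_text):
    """Return (product, version, ordered patches) for composer.lock content, else None."""
    found = {p.get("name"): p.get("version") for p in json.loads(lock_text).get("packages", [])}
    for name, product in EDITIONS.items():
        if name in found:
            return product, found[name], patches_for(product, found[name])
    return None

# Constructed composer.lock fragment for the demonstration.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "magento/product-community-edition", "version": "2.4.2-p1"},
    {"name": "magento/product-enterprise-edition", "version": "2.4.2-p1"}]})
```

A `None` patch list means the table on this page has no row for that product and version, not that the store is unaffected; check Adobe's bulletin APSB22-12 in that case.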

The RCE vulnerability is critical and serious enough that Adobe issued an immediate security patch. Meetanshi therefore recommends patching Magento stores with the latest Adobe security patch to protect them against this known vulnerability.

Our guide on how to install Magento 2 security patches shows how to apply security patches on your Magento platform and safeguard your store against such security vulnerabilities.

Article by Sanjay Jethva

Sanjay is the co-founder and CTO of Meetanshi with hands-on expertise with Magento since 2011. He specializes in complex development, integrations, extensions, and customizations. Sanjay is one of the top 50 contributors to the Magento community and is recognized by Adobe. His passion for Magento 2 and Shopify solutions has made him a trusted source for businesses seeking to optimize their online stores. He loves sharing technical solutions related to Magento 2 & Shopify.