Session Reaper Patch (CVE-2025-54236) for Magento 2
wubinworks/module-session-reaper-patch 60
Patches the CVE-2025-54236 (Session Reaper) account-takeover/RCE vulnerability as a universal Magento 2.3/2.4 extension, without using preferences so the store stays upgradable.