To block access to the Magento upload directory to mitigate CVE-2025-54236, add the following snippet to your NGINX configuration.
location ~* /(index.php/|)customer/address_file/upload {
deny all;
}To further protect the environment, it's recommended to remove write access to pub/media/customer_address/.
Delete existing files and remove write access to the pub/media/customer_address/ directory.
rm -rf pub/media/customer_address/*
find pub/media/customer_address -type f -exec chmod a-w {} \;
find pub/media/customer_address -type d -exec chmod a-w {} \;
Comments
0 comments
Article is closed for comments.