Ethical Hacking News

Adobe Magento Platform Under Siege: The Critical SessionReaper Vulnerability Exploitation Nightmare


Adobe Commerce platforms are under siege due to the critical SessionReaper vulnerability (CVE-2025-54236), which allows hackers to take control of account sessions without user interaction. With 62% of Magento stores remaining unpatched, the risk of sensitive customer data breaches is high.

  • Thousands of Adobe Commerce (formerly Magento) platforms are vulnerable to session takeover attacks due to a critical vulnerability known as SessionReaper.
  • Awareness of the CVE-2025-54236 flaw is crucial, with nearly six weeks having passed since Adobe warned about it.
  • The vulnerability allows attackers to gain control over account sessions without user interaction, putting sensitive customer data at risk.
  • Nearly six in ten Magento stores online remain vulnerable to SessionReaper attacks and are at risk of being compromised by malicious actors.
  • Website administrators are strongly advised to apply the patch or recommended mitigations from Adobe as soon as possible.



    The world of e-commerce security has taken a dark turn, as hackers are actively exploiting a critical vulnerability in Adobe Commerce (formerly Magento) platforms. The SessionReaper flaw, identified with the CVE-2025-54236 designation, has left thousands of stores vulnerable to session takeover attacks, putting sensitive customer data at risk.

    According to recent findings by e-commerce security firm Sansec, the SessionReaper vulnerability allows attackers to gain control over account sessions without any user interaction. This means that even if a store's login credentials are secure, an attacker can still assume the identity of an administrator or customer and carry out malicious activities, such as unauthorized transactions or data breaches.

    The severity of this vulnerability cannot be overstated. Adobe warned about CVE-2025-54236 on September 8, stating that it is an improper input validation vulnerability affecting Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, and 2.4.4-p15 (and earlier). Nearly six weeks after that emergency patch for SessionReaper became available, the vulnerability has entered active exploitation.

    Sansec researchers have noted that successful exploitation likely depends on session data being stored on the file system, which is the default configuration for most stores. Furthermore, a hotfix leaked from the vendor could provide clues on how to leverage the flaw. In short, a store that has not applied the patch, or that follows insecure practices, may be leaving itself open to attack.

    In recent days, Sansec has reported detecting and blocking over 250 SessionReaper exploitation attempts targeting multiple stores. The majority of these attacks originated from five IP addresses: 34.227.25.4, 44.212.43.34, 54.205.171.35, 155.117.84.134, and 159.89.12.166. These attackers have employed PHP webshells or phpinfo probes to check configuration settings and look for predefined variables on the system.
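A defender-side triage of web-server access logs for the indicators the report mentions, written as an added example for this page (not Sansec's or Adobe's tooling): it flags requests from the five reported source IPs, requests touching phpinfo, and POSTs to PHP scripts outside the expected Magento entry points. The combined log format, the entry-point allow-list and the sample lines are assumptions.

```python
import re

# Source IPs that Sansec reported for the blocked SessionReaper attempts (from the article).
REPORTED_IPS = {"34.227.25.4", "44.212.43.34", "54.205.171.35",
                "155.117.84.134", "159.89.12.166"}

# PHP entry points a stock Magento 2 install is expected to serve; this allow-list is an assumption.
EXPECTED_PHP = {"index.php", "get.php", "static.php", "cron.php", "health_check.php"}

# Combined log format (Apache/Nginx default): ip - - [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)')
PHP_SCRIPT_RE = re.compile(r'/([^/?]+\.php)(?:[/?]|$)')

def classify(rec):
    """Return the list of reasons a parsed request record deserves a look."""
    reasons = []
    if rec["ip"] in REPORTED_IPS:
        reasons.append("reported-source-ip")
    path = rec["path"].lower()
    if "phpinfo" in path:  # the configuration probe the article names
        reasons.append("phpinfo-probe")
    m = PHP_SCRIPT_RE.search(path)
    if rec["method"] == "POST" and m and m.group(1) not in EXPECTED_PHP:
        reasons.append("post-to-unexpected-php")  # webshell heuristic (assumption)
    return reasons

def triage(lines):
    """Parse access-log lines and keep those that match at least one indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        rec = m.groupdict()
        reasons = classify(rec)
        if reasons:
            hits.append({"ip": rec["ip"], "path": rec["path"],
                         "status": rec["status"], "reasons": reasons})
    return hits

# Constructed sample lines (not real traffic); 203.0.113.x / 198.51.100.x are documentation ranges.
SAMPLE_LOG = [
    '34.227.25.4 - - [20/Oct/2025:10:01:02 +0000] "POST /customer/address/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Oct/2025:10:02:15 +0000] "GET /pub/media/phpinfo.php HTTP/1.1" 200 4096',
    '203.0.113.7 - - [20/Oct/2025:10:03:40 +0000] "POST /pub/media/wysiwyg/x.php HTTP/1.1" 200 128',
    '198.51.100.23 - - [20/Oct/2025:10:04:00 +0000] "GET /catalog/product/view/id/42 HTTP/1.1" 200 20480',
    '198.51.100.23 - - [20/Oct/2025:10:05:00 +0000] "POST /index.php/checkout/cart/add/ HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["ip"], hit["path"], hit["status"], ",".join(hit["reasons"]))
```

The IP match is only useful for the window in which those addresses were active; the phpinfo and unexpected-POST checks stay relevant regardless of source address.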

    The implications of this vulnerability are dire. According to Sansec, 62% of Magento stores online have yet to install Adobe's security update and remain vulnerable to SessionReaper attacks. This means that nearly two-thirds of all e-commerce platforms using Adobe Commerce are at risk of being compromised by malicious actors.

    In a bid to raise awareness about the severity of this issue, Searchlight Cyber has published a detailed technical analysis of CVE-2025-54236. While not directly related to the exploitation attempts, this research highlights the potential impact of this vulnerability and serves as a warning to store administrators and security professionals.

    In light of these findings, website administrators are strongly advised to apply the patch or recommended mitigations from Adobe as soon as possible. The security of their customers' sensitive data depends on it.

    The rise of such vulnerabilities highlights the importance of timely patches and regular security updates. As the cybersecurity landscape continues to evolve, it is crucial that e-commerce platforms prioritize security and ensure that all necessary measures are in place to protect against such threats.

    In conclusion, the critical SessionReaper vulnerability in Adobe Commerce platforms serves as a stark reminder of the ongoing threat landscape in the world of e-commerce security. The exploitation of this flaw has far-reaching implications for stores and customers alike, underscoring the need for proactive measures to prevent such incidents.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Adobe-Magento-Platform-Under-Siege-The-Critical-SessionReaper-Vulnerability-Exploitation-Nightmare-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/hackers-exploiting-critical-sessionreaper-flaw-in-adobe-magento/


  • Published: Wed Oct 22 15:10:52 2025 by llama3.2 3B Q4_K_M
    © Ethical Hacking News . All rights reserved.