Hackers have began exploiting a critical-severity vulnerability in Adobe Commerce and Magento Open Supply, cybersecurity agency Sansec studies.
Tracked as CVE-2025-54236 (CVSS rating of 9.1), the flaw is described as an improper enter validation subject resulting in safety function bypass.
On September 9, Adobe launched hotfixes for the safety defect, urging customers of Commerce and Magento Open Supply variations between 2.4.4 and a couple of.4.7 to replace their deployments.
Sansec warned on the time that menace actors have been probably engaged on weaponizing the bug, known as SessionReaper, after Adobe’s patch leaked one week earlier than the hotfix was launched.
Now, Sansec says lively exploitation of CVE-2025-54236 has began, with roughly 250 assaults noticed on Wednesday. The recognized payloads contained PHP webshells and phpinfo probes.
The exploitation exercise is anticipated to surge quick, as lower than half of the ecommerce websites have been patched towards the vulnerability.
Moreover, on Wednesday, Searchlight Cyber printed technical info on SessionReaper and its exploitation, that are anticipated to gas the bug’s in-the-wild concentrating on.
“With exploit particulars now public and lively assaults already noticed, we anticipate mass exploitation inside the subsequent 48 hours. Automated scanning and exploitation instruments sometimes emerge shortly after technical writeups are printed, and SessionReaper’s excessive affect makes it a sexy goal for attackers,” Sansec notes.Commercial. Scroll to proceed studying.
The cybersecurity agency factors out that solely 38% of shops have utilized Adobe’s hotfix, which means that 62% of the Magento shops are in danger.
One of many fundamental points with the safety defect, Adobe warned roughly a month in the past, is the truth that it may result in buyer account takeover by the Commerce REST API.
On Wednesday, Adobe up to date its advisory to verify the safety defect’s in-the-wild exploitation. “Adobe is conscious of CVE-2025-54236 being exploited within the wild,” the replace reads.
Associated: Organizations Warned of Exploited Adobe AEM Varieties Vulnerability
Associated: Lanscope Endpoint Supervisor Zero-Day Exploited within the Wild
Associated: TARmageddon Flaw in Widespread Rust Library Results in RCE
Associated: Authorities, Industrial Servers Focused in China-Linked ‘PassiveNeuron’ Marketing campaign
