Oct 23, 2025Ravie LakshmananData Breach / Vulnerability
E-commerce safety firm Sansec has warned that risk actors have begun to take advantage of a lately disclosed safety vulnerability in Adobe Commerce and Magento Open Supply platforms, with greater than 250 assault makes an attempt recorded in opposition to a number of shops over the previous 24 hours.
The vulnerability in query is CVE-2025-54236 (CVSS rating: 9.1), a essential improper enter validation flaw that could possibly be abused to take over buyer accounts in Adobe Commerce by the Commerce REST API.
Also called SessionReaper, it was addressed by Adobe final month. A safety researcher who goes by the identify Blaklis is credited with the invention and accountable disclosure of CVE-2025-54236.
The Dutch firm stated that 62% of Magento shops stay susceptible to the safety flaw six weeks after public disclosure, urging web site directors to use the patches as quickly as potential earlier than broader exploitation exercise picks up.
The assaults have originated from the next IP addresses, with unknown risk actors leveraging the flaw to drop PHP webshells or probe phpinfo to extract PHP configuration info.
34.227.25[.]4
44.212.43[.]34
54.205.171[.]35
155.117.84[.]134
159.89.12[.]166
“PHP backdoors are uploaded by way of ‘/buyer/address_file/add’ as a pretend session,” Sansec stated.
The event comes as Searchlight Cyber printed an in depth technical evaluation of CVE-2025-54236, describing it as a nested deserialization flaw that permits distant code execution.
It is price noting that CVE-2025-54236 is the second deserialization vulnerability impacting Adobe Commerce and Magento platforms in as a few years. In July 2024, one other essential flaw dubbed CosmicSting (CVE-2024-34102, CVSS rating: 9.8) was subjected to widespread exploitation.
With proof-of-concept (PoC) exploits and extra specifics now getting into public domains, it is crucial that customers transfer rapidly to use the fixes.
