Find notable cyber news and cases, enriched with sources, timelines, and signals.
Vulnerability Advisory/Mitigation Exploitation Wave Security Patch Release

Adobe Commerce SessionReaper exploitation and emergency remediation

Updated 24.10.2025 00:25
Case score 66
Case score 66 Members 4 Latest activity 24.10.2025 00:25
Active exploitation Patch status varies by member CVSS: 9.8 Critical
Members 4 First seen 09.09.2025 18:53 Last seen 24.10.2025 00:25 Updated 24.10.2025 00:25

Overview

**CVE-2025-54236** in **Adobe Commerce** has moved into active abuse, with SessionReaper attempts targeting the **Commerce REST API** and Sansec already blocking more than **250** attempts against multiple stores. The flaw can let an attacker take control of customer account sessions without user interaction, which makes exposed commerce deployments an immediate concern. Adobe has already issued an emergency update for **Adobe Commerce** and **Magento Open Source**, and **Adobe Commerce on Cloud** customers had a temporary **WAF rule** while administrators tested and deployed the fix. Available evidence confirms live attack attempts, but the full extent of successful compromise remains unknown.

Signals

6 derived
Impact signals
Exploitation
Exploitation Active exploitation CVSS 9.8 Critical
CVEs/products
CVE
Remediation
Urgency Immediate Remediation
Threat context
Actor Sansec

Member happenings

4 related
Vulnerability Adobe Commerce SessionReaper improper input validation flaw (CVE-2025-54236)
Updated 22.10.2025 21:41 Lead Contribution 63
Exploitation Active Exploitation CVSS 9.8 Critical Patch Patch Available

The **SessionReaper** flaw in **Adobe Commerce** is an actively exploited **CVE-2025-54236** vulnerability that can lead to **customer account takeover** and **account session control**. Adobe identified the bug as an **improper input validation** issue, and the attack path runs through the **Commerce REST API**. The issue affects **2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 (and earlier)**, while Sansec said **more than 250** attempts were blocked against multiple stores. The **security update** is available, but many stores remain **unpatched**.

Exploitation Wave Adobe Commerce SessionReaper exploitation wave (CVE-2025-54236)
Updated 22.10.2025 21:41 Scoring Support Contribution 3
Exploitation Active Exploitation CVSS 9.8 Critical Patch Patch Available

**Adobe Commerce** is seeing an **active exploitation wave** for **CVE-2025-54236 / SessionReaper**, with **hundreds of attempts** hitting **multiple stores** and many deployments still **unpatched**. The attacks matter because the flaw can let an attacker **take control of account sessions** without user interaction. **Sansec** says it has already **detected and blocked** the first real-world attacks.

Advisory/Mitigation Adobe mitigation guidance for Adobe Commerce and Magento Open Source urgent remediation for CVE-2025-54236
Updated 09.09.2025 18:53 Context
Urgency Immediate Patch Patch Available

Adobe urged **Adobe Commerce** and **Magento Open Source** administrators to **test and deploy the available patch immediately** for **CVE-2025-54236**, reducing the risk of unauthenticated abuse of the **Commerce REST API**. The advisory centers on the **SessionReaper** flaw, which researchers describe as one of the platform's most severe issues. **Adobe Commerce on Cloud** customers had a temporary **WAF rule** in place while remediation moved forward.

Security Patch Release Adobe security patch release for CVE-2025-54236
Updated 24.10.2025 00:25 Context
Exploitation Active Exploitation CVSS 9.8 Critical Urgency Immediate Patch Patch Available

**Adobe** issued an **emergency update** for **Adobe Commerce** and **Magento open source** to fix **CVE-2025-54236**, an improper input validation flaw that could enable remote session takeover. The patch, disclosed on **Sept. 9**, addressed a high-impact weakness in the e-commerce platform stack. Administrators should treat the release as urgent because the flaw was later confirmed as **exploited in the wild**.