Adobe Commerce SessionReaper exploitation wave (CVE-2025-54236)
Exploitation Wave
Summary
Hide ▲
Show ▼
Adobe Commerce is seeing an active exploitation wave for CVE-2025-54236 / SessionReaper, with hundreds of attempts hitting multiple stores and many deployments still unpatched. The attacks matter because the flaw can let an attacker take control of account sessions without user interaction. Sansec says it has already detected and blocked the first real-world attacks.
Cases
Related Happenings
Everest Forms Pro CVE-2026-3300 active exploitation wave
Exploitation Wave
H score87
First: 05.06.2026 11:38
Last: 05.06.2026 11:38
Sources 1
About this happening:
Active exploitation of **CVE-2026-3300** in **Everest Forms Pro** is driving **complete site compromise** risk for WordPress sites. Attackers have been using the flaw for arbitrar...
Everest Forms Pro CVE-2026-3300 active exploitation wave
Exploitation WaveAbout this happening: Active exploitation of **CVE-2026-3300** in **Everest Forms Pro** is driving **complete site compromise** risk for WordPress sites. Attackers have been using the flaw for arbitrar...
MetInfo CMS unauthenticated PHP code injection actively exploited remote code execution flaw (CVE-2026-29014)
Vulnerability
H score53
First: 05.05.2026 14:56
Last: 05.05.2026 14:56
Sources 1
About this happening:
**CVE-2026-29014** in **MetInfo CMS** is **actively exploited**, putting **versions 7.9, 8.0, and 8.1** at risk of **remote code execution** and full server takeover. **MetInfo**...
MetInfo CMS unauthenticated PHP code injection actively exploited remote code execution flaw (CVE-2026-29014)
VulnerabilityAbout this happening: **CVE-2026-29014** in **MetInfo CMS** is **actively exploited**, putting **versions 7.9, 8.0, and 8.1** at risk of **remote code execution** and full server takeover. **MetInfo**...
TP-Link router authenticated command injection (CVE-2023-33538)
Vulnerability
H score27
First: 20.04.2026 10:50
Last: 20.04.2026 10:50
Sources 1
About this happening:
**CVE-2023-33538** in **discontinued TP-Link routers** is still being probed, leaving exposed devices at risk of **arbitrary command execution** and **denial of service** if attac...
TP-Link router authenticated command injection (CVE-2023-33538)
VulnerabilityAbout this happening: **CVE-2023-33538** in **discontinued TP-Link routers** is still being probed, leaving exposed devices at risk of **arbitrary command execution** and **denial of service** if attac...
Cisco security patch release for CVE-2026-20184
Security Patch Release
H score44
First: 16.04.2026 14:27
Last: 16.04.2026 14:27
Sources 1
About this happening:
**Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...
Cisco security patch release for CVE-2026-20184
Security Patch ReleaseAbout this happening: **Cisco** released patches for **four critical flaws** affecting **Identity Services Engine (ISE)**, **ISE-PIC**, and **Webex Services**, closing paths to **arbitrary code executi...
Microsoft April 2026 Patch Tuesday security updates (167 flaws)
Security Patch Release
H score55
First: 14.04.2026 20:41
Last: 14.04.2026 20:41
Sources 1
About this happening:
Microsoft's **April 2026 Patch Tuesday** ships **security updates** for **167 flaws**, including **2 zero-days**, reducing exposure across widely used Microsoft software. The rele...
Microsoft April 2026 Patch Tuesday security updates (167 flaws)
Security Patch ReleaseAbout this happening: Microsoft's **April 2026 Patch Tuesday** ships **security updates** for **167 flaws**, including **2 zero-days**, reducing exposure across widely used Microsoft software. The rele...
Timeline
-
22.10.2025 21:41 3 articles · 8mo ago
Sansec detects active SessionReaper exploitation
Exploitation ObservedSansec said Adobe Commerce stores were under active exploitation for CVE-2025-54236, with Sansec Shield detecting and blocking the first real-world attacks today, more than 250 SessionReaper attempts hitting multiple stores, and payloads including PHP webshells and phpinfo probes while 62% of Magento stores online remained unpatched.
Show sources
- Hackers exploiting critical "SessionReaper" flaw in Adobe Magento — www.bleepingcomputer.com — 22.10.2025 21:41
- Hackers exploiting critical "SessionReaper" flaw in Adobe Magento — www.bleepingcomputer.com — 22.10.2025 21:41
- Fear the 'SessionReaper': Adobe Commerce Flaw Under Attack — www.darkreading.com — 24.10.2025 00:25
-
08.09.2025 03:00 1 articles · 10mo ago
Adobe warns about CVE-2025-54236 in Adobe Commerce
Initial DisclosureAdobe warned that CVE-2025-54236 is an improper input validation vulnerability in Adobe Commerce (formerly Magento) that can let an attacker take control of account sessions through the Commerce REST API, affecting Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15, and earlier.
Show sources
- Hackers exploiting critical "SessionReaper" flaw in Adobe Magento — www.bleepingcomputer.com — 22.10.2025 21:41