Adobe Commerce SessionReaper improper input validation flaw (CVE-2025-54236)
Vulnerability
Summary
SessionReaper (CVE-2025-54236) is an actively exploited vulnerability in Adobe Commerce that can lead to customer account takeover and control of customer account sessions. Adobe classified the bug as an improper input validation issue, and the attack path runs through the Commerce REST API. The issue affects versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier; Sansec reported blocking more than 250 exploitation attempts against multiple stores. A security update is available, but many stores remain unpatched.
Cases
Related Happenings
Magento Open Source v2 and Adobe Commerce PolyShell mass exploitation
Exploitation Wave
First: 25.03.2026 23:40
Last: 25.03.2026 23:40
Sources 1
About this happening:
**PolyShell** exploitation is now underway against **Magento Open Source v2** and **Adobe Commerce**, with attackers reaching **56.7%** of vulnerable stores. The surge began on **...
Latest development: 09.04.2026 01:34
Sansec reported a new campaign against nearly 100 Magento online stores in which attackers hide a credit card skimmer inside a 1x1-pixel SVG element with an onload handler, display a fake Secure Checkout overlay on checkout, validate submitted card data with Luhn, and exfiltrate payment details to attacker infrastructure; the researchers also identified six exfiltration domains hosted by IncogNet LLC (AS40663).
Magento Open Source and Adobe Commerce PolyShell unauthenticated RCE flaw
Vulnerability
First: 19.03.2026 22:01
Last: 19.03.2026 22:01
Sources 1
About this happening:
**PolyShell** is a **Magento Open Source** and **Adobe Commerce** vulnerability that can enable **unauthenticated code execution** and **account takeover** across **stable version...
Adobe Commerce SessionReaper exploitation wave (CVE-2025-54236)
Exploitation Wave
First: 22.10.2025 21:41
Last: 22.10.2025 21:41
Sources 1
How related:
More than 250 attack attempts were recorded against multiple stores over the past 24 hours.
About this happening:
**Adobe Commerce** is seeing an **active exploitation wave** for **CVE-2025-54236 / SessionReaper**, with **hundreds of attempts** hitting **multiple stores** and many deployments...
CISA adds Adobe Experience Manager flaw to KEV catalog
Public Sector Action
First: 16.10.2025 07:26
Last: 16.10.2025 07:26
Sources 1
About this happening:
CISA added **CVE-2025-54253** affecting **Adobe Experience Manager** to its **KEV catalog**, turning the flaw into a federal remediation priority because it is under **active expl...
Cisco ASA and FTD active exploitation wave (CVE-2025-20333, CVE-2025-20362)
Exploitation Wave
First: 30.09.2025 19:58
Last: 30.09.2025 19:58
Sources 1
About this happening:
**Cisco ASA and FTD** appliances are still under an **active exploitation wave** for **CVE-2025-20333** and **CVE-2025-20362**, with a new attack variant now causing **unexpected...
Timeline
- 22.10.2025 21:41 · 3 articles · 7mo ago
SessionReaper exploitation hits Adobe Commerce stores
Exploitation Observed
On October 22, 2025, Sansec said SessionReaper had entered active exploitation against Adobe Commerce stores, with Sansec Shield detecting and blocking the first real-world attacks and more than 250 attempts targeting multiple stores, including PHP webshells and phpinfo probes; the same day, Searchlight Cyber published technical analysis of CVE-2025-54236.
Sources:
- Hackers exploiting critical "SessionReaper" flaw in Adobe Magento — www.bleepingcomputer.com — 22.10.2025 21:41
- Fear the 'SessionReaper': Adobe Commerce Flaw Under Attack — www.darkreading.com — 24.10.2025 00:25
- 08.09.2025 03:00 · 2 articles · 8mo ago
Adobe warns about SessionReaper in Adobe Commerce
Initial Disclosure
Adobe warned on September 8, 2025 that CVE-2025-54236, known as SessionReaper, is an improper input validation flaw in Adobe Commerce that affects versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier, and Adobe said a successful attacker could take control of customer account sessions through the Commerce REST API.
Sources:
- Hackers exploiting critical "SessionReaper" flaw in Adobe Magento — www.bleepingcomputer.com — 22.10.2025 21:41
- Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts — thehackernews.com — 10.09.2025 04:08