Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236)

Attackers are trying to exploit CVE-2025-54236, a critical vulnerability affecting Adobe Commerce and Magento Open Source, Sansec researchers have warned. The company blocked over 250 exploitation attempts targeting multiple stores on Wednesday, and expects the attacks to continue at pace.

About CVE-2025-54236

CVE-2025-54236, aka SessionReaper, is an Improper Input Validation vulnerability that may allow attackers to take over customer accounts. It affects Adobe Commerce and Magento Open Source versions 2.4.9-alpha2 and earlier, 2.4.8-p2 and earlier, …

The post Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236) appeared first on Help Net Security.
