Adobe patches critical SessionReaper flaw in Magento eCommerce platform

Adobe has issued a critical security patch for its Commerce and Magento Open Source platforms addressing a severe vulnerability, CVE-2025-54236, which could allow an attacker to take control of customer accounts through the Commerce REST API. While there are no reports of active exploitation, researchers warn that threat actors may leverage this flaw at scale using automation, making immediate patching essential.

Key points

  • Adobe released a security update fixing a critical vulnerability in Commerce and Magento Open Source.
  • The flaw, SessionReaper, allows unauthenticated attackers to take control of customer accounts.
  • Protection for Cloud customers is already in place through a web application firewall rule.
  • Researchers warn that the leaked hotfix may enable threat actors to develop exploits quickly.
  • Administrators are urged to test and deploy the patch immediately to avoid potential abuse.

Read More: https://www.bleepingcomputer.com/news/security/adobe-patches-critical-sessionreaper-flaw-in-magento-ecommerce-platform/