Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk

Hackers are actively exploiting a critical vulnerability in Adobe Commerce and Magento Open Source, leading to potential customer account takeovers. Fewer than half of affected sites have applied the necessary patches, increasing the risk of widespread attacks. #CVE-2025-54236 #SessionReaper

Key points

  • Cybersecurity firm Sansec reports active exploitation of the CVE-2025-54236 vulnerability.
  • The flaw stems from improper input validation, allowing security bypass and remote code execution.
  • Adobe released hotfixes on September 9, urging users to update affected versions between 2.4.4 and 2.4.7.
  • Less than 40% of Magento stores have implemented the patch, leaving many vulnerable.
  • Attackers are using PHP webshells and phpinfo probes in their exploits, with expectations of a surge in activity.

Read More: https://www.securityweek.com/exploitation-of-critical-adobe-commerce-flaw-puts-many-ecommerce-sites-at-risk/