Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw

Pierluigi Paganini October 23, 2025

Hackers exploit CVE-2025-54236 in Adobe Commerce and Magento to hijack accounts via REST API. Over 250 attacks in 24 hours.

E-commerce security company Sansec warns that threat actors are exploiting a critical flaw in Adobe Commerce and Magento, tracked as CVE-2025-54236 (CVSS 9.1), to hijack customer accounts via the REST API. The researchers observed more than 250 attack attempts against stores within 24 hours.

Last month, Adobe issued an emergency patch to fix the flaw, dubbed SessionReaper, after researcher Blaklis responsibly disclosed it.

Adobe classifies the vulnerability as an improper input validation issue; the attack surface is the Commerce REST API.

“The bug, dubbed SessionReaper and assigned CVE-2025-54236, allows customer account takeover and unauthenticated remote code execution under certain conditions.” reported cybersecurity firm Sansec. “SessionReaper is one of the more severe Magento vulnerabilities in its history, comparable to Shoplift (2015), Ambionics SQLi (2019), TrojanOrder (2022) and CosmicSting (2024). Each time, thousands of stores got hacked, sometimes within hours of the flaw being published.”

An unauthenticated attacker can exploit this vulnerability to take over customer accounts and, under certain conditions, achieve remote code execution on the store.

The situation is critical: only 38% of stores are patched, and exploit details are already publicly available.

“When we first reported on SessionReaper in September, fewer than one in three Magento stores had been patched. Six weeks later, that figure has barely improved: only 38% of stores are now protected. This means that 62% of Magento stores remain vulnerable to a critical remote code execution attack with publicly available exploit details.” reads the report published by Sansec.

“With exploit details now public and active attacks already observed, we expect mass exploitation within the next 48 hours. Automated scanning and exploitation tools typically emerge quickly after technical writeups are published, and SessionReaper’s high impact makes it an attractive target for attackers.”

Sansec ranks SessionReaper alongside past major Magento flaws such as CosmicSting, TrojanOrder, and Shoplift, each of which led to thousands of store compromises, sometimes within hours of disclosure.

Sansec reports blocking over 250 SessionReaper attack attempts against e-commerce sites in that 24-hour window. The observed payloads tried to drop PHP webshells or ran phpinfo probes, and the traffic came from multiple source IPs.

Sansec observed attack traffic from the following source IP addresses, which defenders can use as indicators:

  • 34.227.25.4
  • 44.212.43.34
  • 54.205.171.35
  • 155.117.84.134
  • 159.89.12.166
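The indicators the article gives (the five source IPs, REST API traffic, and dropped PHP webshells or phpinfo probes) are enough for a first-pass hunt through a store's web server access log. The script below is an added example, not code from the article or from Sansec. The access log lines it parses are constructed for the example, the list of stock Magento PHP entry points is an assumption about a standard deployment, and the REST path in the sample is illustrative rather than the endpoint the exploit uses.

```python
"""Hunt a combined-format access log for SessionReaper-style activity.

Added example; constructed sample data, not data from the article or Sansec.
"""
import re
from collections import Counter

# Source IPs published in the article (Sansec, October 2025).
IOC_IPS = {
    "34.227.25.4",
    "44.212.43.34",
    "54.205.171.35",
    "155.117.84.134",
    "159.89.12.166",
}

# PHP entry points a stock Magento 2 install serves from pub/.
# Assumption: adjust for custom deployments; any other .php request is suspect.
KNOWN_PHP = {"/index.php", "/get.php", "/static.php", "/cron.php", "/health_check.php"}

# Apache/Nginx combined log format (only the fields we need are captured).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log: two IoC hits, one webshell call, normal traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [23/Oct/2025:10:00:01 +0000] "GET /index.php/catalog/product/view/id/42 HTTP/1.1" 200 8421
34.227.25.4 - - [23/Oct/2025:10:00:05 +0000] "POST /rest/V1/guest-carts/abc123/items HTTP/1.1" 200 512
203.0.113.11 - - [23/Oct/2025:10:00:07 +0000] "GET /static/version1/frontend/Magento/luma/en_US/css/styles-m.css HTTP/1.1" 200 30211
159.89.12.166 - - [23/Oct/2025:10:00:09 +0000] "GET /pub/media/phpinfo.php HTTP/1.1" 200 61209
203.0.113.12 - - [23/Oct/2025:10:00:12 +0000] "GET /media/wysiwyg/sh.php?cmd=id HTTP/1.1" 200 134
203.0.113.13 - - [23/Oct/2025:10:00:15 +0000] "POST /rest/V1/customers/me HTTP/1.1" 401 68
"""


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = entry["path"].split("?", 1)[0]  # drop the query string
    return entry


def classify(entry):
    """Return the tags that make this request worth a look (empty = benign)."""
    tags = []
    if entry["ip"] in IOC_IPS:
        tags.append("ioc-ip")
    if entry["path"].endswith(".php") and entry["path"] not in KNOWN_PHP:
        tags.append("unexpected-php")  # possible dropped webshell
    if "phpinfo" in entry["path"].lower():
        tags.append("phpinfo-probe")
    # REST API traffic is normal on its own; tag it only when already flagged,
    # since the article ties the exploit to the REST API.
    if tags and entry["path"].startswith("/rest/"):
        tags.append("rest-api")
    return tags


def hunt(lines):
    """Return (ip, method, path, status, tags) for every flagged request."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        tags = classify(entry)
        if tags:
            hits.append((entry["ip"], entry["method"], entry["path"],
                         entry["status"], tags))
    return hits


def summarize(hits):
    """Count flagged requests per source IP."""
    return Counter(ip for ip, _, _, _, _ in hits)


if __name__ == "__main__":
    found = hunt(SAMPLE_LOG.splitlines())
    for ip, method, path, status, tags in found:
        print(f"{ip:16} {method:5} {status} {path}  [{', '.join(tags)}]")
    print(dict(summarize(found)))
```

Run it against a real log with `hunt(open("access.log").readlines())`. A hit tagged `unexpected-php` with a 200 response is the one to chase first: it means a PHP file that is not a Magento entry point exists and executed, which is what a dropped webshell looks like regardless of the attacker's IP. The IoC IP list will go stale quickly, so treat the path-based checks as the durable part.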


Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2025-54236)
