Over 250 Attacks Hit Adobe Commerce and Magento via Critical CVE-2025-54236 Flaw
Researchers at e-commerce security firm Sansec report that a critical vulnerability in Adobe Commerce and Magento, dubbed SessionReaper (CVE-2025-54236), is being exploited in the wild to hijack customer accounts through the REST API. The flaw has been targeted by over 250 attacks in just 24 hours.
The researchers warn that threat actors are exploiting the flaw for pre-authentication remote code execution and customer account takeover (ATO). Adobe's emergency release patches the vulnerability and should be applied immediately.
A Critical Flaw: Improper Input Validation
The vulnerability is caused by an improper input validation issue, allowing attackers to execute arbitrary commands on the affected systems. Sansec reported that "SessionReaper is one of the more severe Magento vulnerabilities in its history, comparable to Shoplift (2015), Ambionics SQLi (2019), TrojanOrder (2022) and CosmicSting (2024). Each time, thousands of stores got hacked, sometimes within hours of the flaw being published."
A Dire Situation: Only 38% of Stores are Patched
The situation is critical: only 38% of stores have patched the vulnerability, while exploit details are already public. That leaves 62% of Magento stores exposed to a critical remote code execution attack for which exploit details are publicly available.
Mass Exploitation Imminent
Sansec's report predicts that mass exploitation is imminent, since automated scanning and exploitation tools typically emerge quickly after technical write-ups are published. Because SessionReaper has such high impact, it is an attractive target for attackers. The company has already blocked over 250 SessionReaper attack attempts against e-commerce sites, with payloads from multiple IPs delivering PHP webshells or phpinfo probes.
What You Can Do
If you're using Adobe Commerce or Magento and haven't patched the vulnerability yet, it's essential to do so immediately. The emergency release is available now, and patching will help prevent your store from being compromised by hackers exploiting this critical flaw.