E-commerce security company Sansec has issued a critical warning following a surge in cyberattacks targeting Adobe Commerce and Magento Open Source platforms. On October 23, 2025, over 250 attack attempts were recorded against numerous Magento stores within a 24-hour period. These incidents confirm active exploitation of a recently disclosed security vulnerability, highlighting an immediate threat to online businesses relying on these platforms.
Details of CVE-2025-54236: SessionReaper
The vulnerability being exploited is tracked as CVE-2025-54236 and carries a critical CVSS score of 9.1. It is an improper input validation flaw, nicknamed SessionReaper, that lets threat actors take over customer accounts in Adobe Commerce through the Commerce REST API. Adobe patched the flaw last month, before the widespread attacks began. Security researcher Blaklis is credited with discovering and responsibly disclosing CVE-2025-54236, giving the community early notice of the danger.
Urgent Patching Required for Vulnerable Stores
Despite Adobe’s timely patch release, Sansec, a Dutch security firm, reported a concerning statistic: six weeks after public disclosure, 62% of Magento stores remained vulnerable to this flaw. This delay in applying security updates has given attackers a window of opportunity. Sansec has strongly urged website administrators to apply the available patches without delay, stressing that immediate action is needed to prevent further exploitation. The documented attacks originated from specific IP addresses, indicating a targeted and ongoing campaign against unpatched e-commerce sites.
Source: https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html