Hackers are now actively exploiting a major security flaw known as SessionReaper, tracked as CVE-2025-54236, in Adobe Commerce (formerly Magento).
Security company Sansec recorded hundreds of attack attempts and warned that this vulnerability is one of the most serious issues ever found in the platform. Adobe first alerted users about the problem on September 8, describing it as an improper input validation bug affecting several versions of Adobe Commerce, including 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, and 2.4.4-p15, along with earlier releases.
If an attacker successfully exploits this flaw, they can take control of customer account sessions without any interaction from the user. Adobe says that hackers can use the Commerce REST API to hijack accounts. Sansec also pointed out that the vulnerability is easier to exploit when stores use the default configuration, which keeps session data on the file system. A leaked hotfix had previously hinted at how the vulnerability could be abused by attackers.
Six weeks after Adobe released an emergency patch, Sansec confirmed that hackers had begun launching real-world attacks. According to the company, Sansec Shield blocked the first active attempts today, which is worrying news for thousands of online stores that still have not applied the update. On the same day alone, more than 250 attempts were detected across multiple stores, with most coming from five known IP addresses: 34.227.25.4, 44.212.43.34, 54.205.171.35, 155.117.84.134, and 159.89.12.166. The attacks often include PHP webshell uploads or phpinfo probes that check system settings and look for valuable information.
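A store operator who cannot patch immediately will at least want to know whether the activity Sansec describes has already touched their server. The script below is an added example, not code from Sansec, Adobe or the article: it scans web-server access-log lines for the five source IPs named above, for phpinfo probes, and for direct requests to PHP files other than Magento's documented public entry points (an assumed allowlist), which is what a dropped webshell being called back would look like. It assumes the default Apache/nginx combined log format and uses constructed sample lines.

```python
import re

# Source IPs Sansec reported for the first wave of SessionReaper (CVE-2025-54236) attempts.
SESSIONREAPER_IPS = {
    "34.227.25.4", "44.212.43.34", "54.205.171.35",
    "155.117.84.134", "159.89.12.166",
}

# Magento's documented public PHP entry points under pub/ (assumed allowlist);
# any other .php file being requested directly is worth a look (possible webshell).
KNOWN_ENTRY_POINTS = {"/index.php", "/get.php", "/static.php", "/health_check.php", "/cron.php"}

# Assumption: combined log format as written by Apache/nginx by default.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def classify(line):
    """Return the reasons one access-log line looks like SessionReaper activity ([] if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    ip, path = m["ip"], m["path"].split("?", 1)[0].lower()  # drop the query string
    reasons = []
    if ip in SESSIONREAPER_IPS:
        reasons.append("known-attack-ip")
    if "phpinfo" in path:
        reasons.append("phpinfo-probe")
    if path.endswith(".php") and path not in KNOWN_ENTRY_POINTS:
        reasons.append("unexpected-php-file")
    return reasons

def scan(lines):
    """Return (line_number, source_ip, reasons) for every suspicious line."""
    hits = []
    for n, line in enumerate(lines, 1):
        reasons = classify(line)
        if reasons:
            hits.append((n, line.split(" ", 1)[0], reasons))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Oct/2025:10:01:02 +0000] "GET /index.php/catalog/ HTTP/1.1" 200 5120',
    '159.89.12.166 - - [22/Oct/2025:10:01:09 +0000] "GET /rest/V1/customers/me HTTP/1.1" 200 311',
    '203.0.113.9 - - [22/Oct/2025:10:02:30 +0000] "GET /pub/phpinfo.php HTTP/1.1" 404 162',
    '34.227.25.4 - - [22/Oct/2025:10:03:41 +0000] "GET /media/cache/x.php HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for n, ip, reasons in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} -> {', '.join(reasons)}")
```

Run it against a real log with `scan(open("access.log").read().splitlines())`; a hit on the third rule for a file that exists on disk is the one to treat as a likely compromise rather than a probe.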
Researchers at Searchlight Cyber also released a technical breakdown of the vulnerability today, which could lead to even more attempts by attackers. Sansec reports that 62 percent of Magento stores online are still unpatched, leaving them exposed to this dangerous bug. In the first ten days after the patch was released, only one in three websites took action, and now three out of five stores remain vulnerable.
Administrators are strongly urged to install Adobe’s security update or follow the company’s recommended protections as quickly as possible to avoid being targeted.