1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Hundreds of Adobe Magento stores hit after critical security flaw

    From TechnologyDaily@1337:1/100 to All on Thu Oct 23 14:15:08 2025
    Hundreds of Adobe Magento stores hit after critical security flaw found - here's what we know

    Date:
    Thu, 23 Oct 2025 13:13:00 +0000

    Description:
    Adobe patches a deserialization vulnerability in Magento and Commerce.

    FULL STORY ======================================================================CVE-2025 -54236 is actively exploited to hijack accounts via Magentos REST API Over
    250 attacks in 24 hours; most stores remain unpatched six weeks after fix Attackers upload PHP backdoors using fake sessions; Sansec urges immediate patching and scans

    A critical-severity vulnerability recently found in Adobe Commerce and
    Magento Open Source platforms is being actively exploited in the wild to attack e-commerce sites and take over accounts, experts have warned.

    Researchers at Sansec said in less than 24 hours, they observed more than 250 attacks leveraging CVE-2025-54236, a critical-severity flaw (9.1/10)
    described as an improper input validation vulnerability.

    It is being abused to take over customer accounts through the Commerce REST API. Patches, WAF, and more

    The attacks are dubbed SessionReaper, and although Adobe has released a fix for the bug, Sansec says the majority of Magento stores (almost two-thirds, 62%), are still vulnerable - six weeks after the patch was released.

    Sansec identified five different IP addresses from which the attacks originate, suggesting either multiple threat actors, or a single actor using VPNs, proxy servers, or compromised machines to hide their real location (which is a more common occurrence).

    In the attacks, they droop PHP webshells or probe phpinfo in an attempt to extract PHP configuration data. "PHP backdoors are uploaded via '/customer/address_file/upload' as a fake session," Sansec said.

    Given that the flaw is being actively used in the wild, and that a patch has been available for weeks already, Sansec urged all users to secure their assets immediately.

    That includes testing and deploying the patch as soon as possible, activating Web Application Firewall (WAF) protection (for those that cannot deploy the patch at this time), and scanning for compromise.

    If you delayed patching, run a malware scanner like eComscan to check for signs of compromise, Sansec explained.

    TheHackerNews notes this is the second deserialization vulnerability found
    in Adobe Commerce and Magento platforms in the last two years. In July 2024, the company patched a 9.8/10 flaw nicknamed CosmicSting, which was also
    abused in the wild.

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hundreds-of-adobe-magento-stores-hit-af ter-critical-security-flaw-found-heres-what-we-know


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)