E-commerce Chaos: Adobe Commerce Vulnerability Leaves 62% of Magento Stores Exposed!

Sansec warns the SessionReaper vulnerability in Adobe Commerce and Magento Open Source is being exploited, with over 250 attacks in 24 hours. A whopping 62% of Magento stores still haven’t patched it. Don’t let your e-commerce platform become a hacker’s playground; apply the fixes before it’s too late!

Hot Take:

Looks like Adobe Commerce and Magento are having a little session with the SessionReaper, and it’s not a friendly chat over tea and cookies. With over 250 unfriendly attempts to exploit a critical flaw in just 24 hours, it’s high time these e-commerce platforms got their act together and patched up. Otherwise, they might as well put out a welcome mat for cyber hooligans!

Key Points:

  • Threat actors are exploiting a security flaw in Adobe Commerce and Magento Open Source platforms.
  • The vulnerability, CVE-2025-54236, has a critical CVSS score of 9.1.
  • The flaw, known as SessionReaper, could allow attackers to take over customer accounts.
  • 62% of Magento stores are still vulnerable six weeks after the flaw was disclosed.
  • Attackers are using PHP webshells to exploit the vulnerability.

The Nimble Nerd