Hackers Unleash Chaos: 62% of Magento Stores Vulnerable to “SessionReaper” Attack!

Hackers are actively exploiting a critical vulnerability in Adobe Commerce and Magento Open Source, with Sansec reporting 250 attacks in a single day. With only 38% of stores patched against CVE-2025-54236, the bug, dubbed SessionReaper, is poised for mass exploitation and is an attractive target for attackers.

Hot Take:

Great, just when you thought hitting “Update Now” was enough to keep the pesky hackers at bay, along comes SessionReaper with its spooky CVE-2025-54236 to remind us that patching isn’t just a seasonal activity. If you’re not on top of your updates, your site might just transform into a cyber-haunted house, complete with uninvited guests rummaging through your digital attic. Better grab that hotfix before your eCommerce site becomes the setting for the next cyber horror flick!

Key Points:

  • SessionReaper, a vulnerability in Adobe Commerce and Magento, is under active exploitation.
  • Vulnerability CVE-2025-54236 has a CVSS score of 9.1, indicating critical severity.
  • Adobe released a hotfix on September 9, but only 38% of sites have implemented it.
  • Approximately 250 attacks using PHP webshells and phpinfo probes were observed.
  • Mass exploitation is expected as exploit details have become public.

The Nimble Nerd