Attackers Target Critical Vulnerability in Adobe Commerce and Magento
In September, Adobe released updates for Commerce and Magento that close a critical vulnerability. It is now being attacked.
(Image: janews/Shutterstock.com)
For a critical security vulnerability in Adobe's e-commerce systems, updates for Commerce and Magento have been available since September. Admins should install them quickly – attacks on the vulnerability are now underway.
Adobe has updated and supplemented the security advisory for the vulnerability, stating that the company is aware of attacks in the wild targeting the flaw. The company is not very specific in its vulnerability description, instead abstractly referring to the "Common Weakness Enumeration" classification of the problem. Accordingly, it is an improper input validation weakness (CWE-20) that leads to a bypass of security features (CVE-2025-54236, CVSS 9.1, risk "critical"). The associated CVE entry is more specific, stating that "successful attackers can exploit this to take over sessions." User interaction is not required for exploitation.
A more in-depth technical analysis can be found at NullSecurityX. It is a deserialization vulnerability that IT researchers have named "SessionReaper." "This vulnerability allows unauthenticated attackers to exploit REST, GraphQL, or SOAP API endpoints, leading to session takeover or, under certain conditions (e.g., file-based session storage), remote code execution (RCE) over the network," they explain there.
Cyberattacks have begun
IT analysts at Sansec have observed active attacks on the "SessionReaper" security vulnerability since Wednesday. According to the authors of the security report, currently only 38 percent of Adobe Commerce and Magento stores have installed the security updates – more than 60 percent of shops are therefore still vulnerable. IT security researchers from Assetnote have presented an analysis in which they demonstrate the deserialization vulnerability.
IT researchers have already observed initial attacks, and proof-of-concept exploits are publicly available. Analysts therefore expect mass attacks to follow: cybercriminals are incorporating the exploit code into their toolkits and automatically scanning the internet for vulnerable instances. IT managers should immediately apply the available updates to the Magento and Commerce shops they manage.
(dmk)