Sansec logo

deserialization

All articles and research tagged with deserialization

← Browse all tags

SessionReaper attacks have started, 3 in 5 stores still vulnerable

SessionReaper attacks have started, 3 in 5 stores still vulnerable

2025-10-22 Six weeks after Adobe's emergency patch, SessionReaper (CVE-2025-54236) has entered active exploitation. Sansec Shield blocked dozens of attacks today. With only 38% of stores patched and exploit details now public, mass abuse will follow in the coming hours.

skimming CVE-2025-54236 magento adobe-commerce +6
SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236)

SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236)

2025-09-08 SessionReaper (CVE-2025-54236) is a critical bug in Magento & Adobe Commerce. The bug may hand full control of a store to unauthenticated attackers. Automated attacks have hit over 50% of all stores globally. Merchants should act immediately.

skimming CVE-2025-54236 magento adobe-commerce +5

Scan your store now
for malware & vulnerabilities

$ curl ecomscan.com | sh

eComscan is the most thorough security scanner for Magento, Adobe Commerce, Shopware, WooCommerce and many more.

Stay up to date with the latest eCommerce attacks

Sansec logo

experts in eCommerce security

Bluesky Telegram Linkedin Email RSS
Terms & Conditions
Privacy & Cookie Policy