Sansec logo

zero-day

All articles and research tagged with zero-day

← Browse all tags

SessionReaper attacks have started, 3 in 5 stores still vulnerable

SessionReaper attacks have started, 3 in 5 stores still vulnerable

2025-10-22 Six weeks after Adobe's emergency patch, SessionReaper (CVE-2025-54236) has entered active exploitation. Sansec Shield blocked dozens of attacks today. With only 38% of stores patched and exploit details now public, mass abuse will follow in the coming hours.

skimming CVE-2025-54236 magento adobe-commerce +6
SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236)

SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236)

2025-09-08 Adobe released an out-of-band emergency patch for SessionReaper (CVE-2025-54236). The bug may hand control of a store to unauthenticated attackers. Automated abuse is expected and merchants should act immediately.

skimming CVE-2025-54236 magento adobe-commerce +5

Scan your store now
for malware & vulnerabilities

$ curl ecomscan.com | sh

eComscan is the most thorough security scanner for Magento, Adobe Commerce, Shopware, WooCommerce and many more.

Stay up to date with the latest eCommerce attacks

Sansec logo

experts in eCommerce security

Bluesky Telegram Linkedin Email RSS
Terms & Conditions
Privacy & Cookie Policy