
Over 250 Magento Stores Hit in One Day as Hackers Exploit New Adobe Commerce Flaw

E-commerce security firm Sansec has warned that threat actors have begun exploiting a recently disclosed security vulnerability in the Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours.

The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation flaw that could be abused to take over customer accounts in Adobe Commerce via the Commerce REST API.

Also known as SessionReaper, it was addressed by Adobe last month. A security researcher who goes by the name Blaklis is credited with discovering and responsibly disclosing CVE-2025-54236.

The Dutch company said that 62% of Magento stores remain vulnerable to the security flaw six weeks after public disclosure, urging site administrators to apply the patches as soon as possible before broader exploitation activity picks up.


The attacks have originated from the following IP addresses, with unknown threat actors leveraging the flaw to drop PHP webshells or probe phpinfo to extract PHP configuration information.

  • 34.227.25[.]4
  • 44.212.43[.]34
  • 54.205.171[.]35
  • 155.117.84[.]134
  • 159.89.12[.]166

“PHP backdoors are uploaded via ‘/customer/address_file/upload’ as a fake session,” Sansec said.
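The indicators above (the upload endpoint, phpinfo probing, and the published source IPs) are enough to triage web server logs. The following is an added example, not code from Sansec or the article: it scans constructed combined-format access log lines and flags requests that match any of those three patterns. The log lines and the non-attacker IPs are constructed for the example.

```python
import re

# Source IPs published by Sansec, un-defanged for matching against log lines.
SANSEC_IPS = {"34.227.25.4", "44.212.43.34", "54.205.171.35",
              "155.117.84.134", "159.89.12.166"}

# Endpoint Sansec reports being abused for webshell uploads; Magento may prefix it with /index.php.
UPLOAD_PATH = "/customer/address_file/upload"
PHPINFO_RE = re.compile(r"phpinfo", re.IGNORECASE)

# Minimal combined log format parser: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic); 198.51.100.x and 203.0.113.x are documentation ranges.
SAMPLE_LOG = [
    '34.227.25.4 - - [06/Oct/2025:10:00:01 +0000] "POST /customer/address_file/upload HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Oct/2025:10:00:05 +0000] "GET /pub/phpinfo.php HTTP/1.1" 404 0',
    '203.0.113.9 - - [06/Oct/2025:10:00:09 +0000] "GET /catalog/product/view/id/42 HTTP/1.1" 200 8192',
    '159.89.12.166 - - [06/Oct/2025:10:00:12 +0000] "GET /rest/V1/customers/me HTTP/1.1" 401 0',
]


def classify(line):
    """Return a hit record with the matched reasons, or None if the line is unremarkable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status = m["ip"], m["method"], m["path"], int(m["status"])
    reasons = []
    if UPLOAD_PATH in path.split("?", 1)[0]:
        reasons.append("address_file_upload")
    if PHPINFO_RE.search(path):
        reasons.append("phpinfo_probe")
    if ip in SANSEC_IPS:
        reasons.append("known_attacker_ip")
    if not reasons:
        return None
    return {"ip": ip, "method": method, "path": path, "status": status, "reasons": reasons}


def scan(lines):
    """Run classify() over every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ip"], hit["method"], hit["path"], hit["status"], ",".join(hit["reasons"]))
```

A hit on the upload endpoint alone is a triage lead, not proof of compromise, since the controller also serves legitimate address attachments; a successful POST from an unpatched store is what warrants a closer look at the uploaded files.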

The development comes as Searchlight Cyber published a detailed technical analysis of CVE-2025-54236, describing it as a nested deserialization flaw that allows remote code execution.

It is worth noting that CVE-2025-54236 is the second deserialization vulnerability impacting the Adobe Commerce and Magento platforms in as many years. In July 2024, another critical flaw dubbed CosmicSting (CVE-2024-34102, CVSS score: 9.8) was subjected to widespread exploitation.

With proof-of-concept (PoC) exploits and additional details now entering the public domain, it is crucial that users move quickly to apply the fixes.
