🔴 CVE-2025-54236

CVE-2025-54236 is a critical improper input validation vulnerability in Adobe Commerce (Magento) that enables session takeover and potentially remote code execution without user interaction. This vulnerability is being actively exploited in the wild against internet-facing e-commerce platforms.

Risk Level: HIGH_RISK
CVSS Score: 9.1
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 (Exploit Public-Facing Application)
Deployment Risk: VERY_HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-09-09

Added to CISA KEV: 2025-10-24 (45 days after the CVE was published)

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2025-10-24)

CVE-2025-54236, also known as "SessionReaper," is a critical vulnerability affecting Adobe Commerce and Magento Open Source [2][6]. What is known about its exploitation:

  • Affected Applications/Services: Internet-facing Adobe Commerce and Magento Open Source installations [1].
  • Active Exploitation: Exploitation in the wild is confirmed [2][5]; security firm Sansec reported blocking hundreds of exploitation attempts [2][5].
  • Attack Vectors/Exploitation Methods: The root cause is improper input validation (CWE-20) in the Web API ServiceInputProcessor, reachable by unauthenticated attackers and requiring no user interaction [1][3]. Successful exploitation leads to customer account (session) takeover and potentially to remote code execution (RCE) [7][10].
  • Targeted Attacks: No details of targeted campaigns are public, but the confirmed in-the-wild activity means the flaw could be used in such attacks [2][5].
  • CISA KEV Status: Source [4], captured on 2025-10-24, still showed the CVE as not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog; the record above shows it was added to KEV on that same date.
  • Technical Details: The flaw is reached through the Web API ServiceInputProcessor [1][3]. Escalation to RCE appears to depend on file-based session storage, but deployments using other session backends remain exposed to other forms of abuse, including account takeover [8].
Adobe has released an emergency patch and deployed web application firewall (WAF) rules to protect Adobe Commerce on Cloud [1][9].
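The bug class named above (CWE-20 in a web-API input processor that turns a decoded request body into typed service-method parameters) is easier to reason about with a concrete before/after. The following is an added illustration written for this page, not Adobe or Magento code, and it does not reproduce the actual SessionReaper exploit chain: the DTO classes, the `FileAppender` "gadget", the `@class` override key and the request bodies are all hypothetical, and it is written in Python rather than PHP so it runs stand-alone. `vulnerable_build()` lets the request body decide which class gets constructed; `hardened_build()` takes the class only from the declared parameter type and a closed registry, and rejects unknown or mistyped fields.

```python
"""Added illustration of the CWE-20 pattern behind a web-API input processor.

Example code for this page, not Adobe/Magento code: the DTOs, FileAppender
and the request bodies are hypothetical. The API layer decodes JSON to nested
dicts and must turn them into the typed parameter objects a service method
declares. vulnerable_build() lets the body choose the class to construct;
hardened_build() takes the class only from the signature and a closed registry.
"""
from __future__ import annotations

import importlib
from dataclasses import dataclass, is_dataclass
from typing import Any, get_type_hints


@dataclass(frozen=True)
class Region:
    region_code: str


@dataclass(frozen=True)
class Address:
    country_id: str
    postcode: str
    region: Region


@dataclass(frozen=True)
class EstimateShippingRequest:
    address: Address


# Hypothetical non-DTO class loadable in the same process. Its constructor
# records a side effect in a list (standing in for a file write) so the demo
# can show an attacker getting it constructed through the API layer.
SIDE_EFFECTS: list[str] = []


class FileAppender:
    def __init__(self, path: str, content: str) -> None:
        SIDE_EFFECTS.append(f"{path}:{content}")


class InputError(ValueError):
    """Request body does not match the declared parameter type."""


def _field_types(cls: type) -> dict[str, type]:
    return get_type_hints(cls) if is_dataclass(cls) else {}


def vulnerable_build(declared: type, data: dict[str, Any]) -> Any:
    """Improper input validation: a '@class' key ('module:Name') in the body
    overrides the declared type, and the remaining keys go unchecked to that
    class's constructor. Nested dicts are built the same way."""
    target = declared
    if "@class" in data:
        module_name, _, class_name = str(data["@class"]).partition(":")
        target = getattr(importlib.import_module(module_name), class_name)
    types = _field_types(target)
    kwargs: dict[str, Any] = {}
    for key, value in data.items():
        if key == "@class":
            continue
        if isinstance(value, dict):
            value = vulnerable_build(types.get(key, dict), value)
        kwargs[key] = value
    return target(**kwargs)


# Closed registry: the only classes that may ever be built from request data.
ALLOWED_DTOS: frozenset[type] = frozenset({Region, Address, EstimateShippingRequest})
SCALARS = (str, int, float, bool)


def hardened_build(declared: type, data: Any) -> Any:
    """The class comes only from the method signature; the body can neither
    pick a class nor supply fields the DTO does not declare, and scalar
    fields must carry the declared type (bool is not accepted as int)."""
    if declared in SCALARS:
        wrong_bool = declared is not bool and isinstance(data, bool)
        if not isinstance(data, declared) or wrong_bool:
            raise InputError(f"expected {declared.__name__}, got {type(data).__name__}")
        return data
    if declared not in ALLOWED_DTOS:
        raise InputError(f"{declared.__name__} is not a web-API data type")
    if not isinstance(data, dict):
        raise InputError(f"expected an object for {declared.__name__}")
    types = get_type_hints(declared)
    unknown = set(data) - set(types)
    if unknown:
        raise InputError(f"unexpected field(s) for {declared.__name__}: {sorted(unknown)}")
    missing = set(types) - set(data)
    if missing:
        raise InputError(f"missing field(s) for {declared.__name__}: {sorted(missing)}")
    return declared(**{name: hardened_build(types[name], data[name]) for name in types})


def demo() -> dict[str, Any]:
    """Run both processors on constructed bodies and report what happened."""
    honest = {"address": {"country_id": "US", "postcode": "94016",
                          "region": {"region_code": "CA"}}}
    # Constructed hostile body: same outer shape, nested object names another class.
    hostile = {"address": {"@class": f"{__name__}:FileAppender",
                           "path": "/tmp/pwned.txt", "content": "x"}}
    SIDE_EFFECTS.clear()
    vuln_honest = vulnerable_build(EstimateShippingRequest, honest)
    vuln_hostile = vulnerable_build(EstimateShippingRequest, hostile)
    hard_honest = hardened_build(EstimateShippingRequest, honest)
    try:
        hardened_build(EstimateShippingRequest, hostile)
        hardened_rejected = False
    except InputError:
        hardened_rejected = True
    return {
        "both_accept_honest": vuln_honest == hard_honest,
        "vulnerable_built": type(vuln_hostile.address).__name__,
        "side_effects": list(SIDE_EFFECTS),
        "hardened_rejected": hardened_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The design point is that the hardened processor never consults the request for a type: every class it instantiates is reached by walking the declared signature, and anything the DTO does not declare is a hard error rather than something passed along to a constructor. That is the property to check when auditing any request-to-object mapping layer, whatever the framework.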

Sources

  1. CVE-2025-54236 - Exploits & Severity - Feedly

    Threat Intelligence Report CVE-2025-54236 is a critical improper input validation vulnerability in Adobe Commerce and Magento that allows unauthenticated attackers to exploit the Web API ServiceInputProcessor, potentially leading to unauthorized code execution without user interaction. Adobe has rel…

  2. Urgent: Critical SessionTakeover Flaw (CVE-2025-54236) in Adobe ...

    A critical vulnerability, CVE-2025-54236, dubbed SessionReaper, is currently under active exploitation in Adobe Commerce and Magento Open-Source platforms. The flaw arises from improper input validation and can lead to customer account takeover and remote code execution. Security firm Sansec has rep…

  3. CVE-2025-54236 : Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7 ...

    Vulnerability Details: CVE-2025-54236. Adobe Commerce | Improper Input Validation (CWE-20). Exploitation of this issue does not require user interaction. Published 2025-09-09 14:15:47.

  4. Magento & Adobe Commerce - Account Takeover (CVE-2025-54236)

    CISA KEV. This CVE is not part of the CISA Known Exploited Vulnerabilities Catalog.

  5. Hackers exploiting critical "SessionReaper" flaw in Adobe Magento

    Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded.