CVE-2025-54236 is a critical improper input validation vulnerability in Adobe Commerce (Magento) that enables session takeover and potentially remote code execution without user interaction. This vulnerability is being actively exploited in the wild against internet-facing e-commerce platforms.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-09-09
Added to CISA KEV: 2025-10-24 (45 days between CVE and KEV)
Threat Intelligence Report
CVE-2025-54236 is a critical improper input validation vulnerability in Adobe Commerce and Magento that allows unauthenticated attackers to exploit the Web API ServiceInputProcessor, potentially leading to unauthorized code execution without user interaction. Adobe has released an emergency patch to address this vulnerability, which primarily affects systems using ...
A critical vulnerability, CVE-2025-54236, dubbed SessionReaper, is currently under active exploitation in Adobe Commerce and Magento Open-Source platforms. The flaw arises from improper input validation and can lead to customer account takeover and remote code execution. Security firm Sansec has reported blocking over 250 exploitation attempts, underscoring the urgency for administrators to ...
Vulnerability Details: CVE-2025-54236. Adobe Commerce | Improper Input Validation (CWE-20). Exploitation of this issue does not require user interaction. Published 2025-09-09 14:15:47.
CISA KEV. This CVE is not part of the CISA Known Exploited Vulnerabilities Catalog.
Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded.