Blog

Magento & Adobe Commerce Facing Major Attack Surge: SessionReaper

Benjamin Hosack
3 Nov 2025
2 min read

Tags:

eCommerce
Magento
Web Security
ree

Magento 2 and Adobe Commerce users are currently dealing with a critical security crisis: the SessionReaper vulnerability (CVE-2025-54236) has triggered a rapid surge in malware attacks, jumping 47% in recent weeks[1][5].

What Is SessionReaper?

SessionReaper is a remote code execution flaw that lets attackers hijack user sessions and even seize full control of a store’s server - often without any authentication[1][5]. Exploitation typically involves uploading malicious session files, which can lead to stolen data, fraudulent transactions, and long-term backdoors in your shop’s codebase[1][5].

Scale of the Threat

  • More than 250 Magento stores were hit within 24 hours of exploit details becoming public[5][1].
  • Over 60% of Magento sites remain unpatched over a month after the fix[5][1].
  • Attackers prey on both Magento Open Source and Adobe Commerce, focusing on sites slow to update[1].

What Should Merchants Do?

  • Check your site now using ThreatView.  
  • This is a free scanner that will check your site from an external perspective. ThreatView Advanced Edition will provide you with comprehensive Filesystem and Database threat detection.
  • Apply the latest Adobe patch immediately to block ongoing attacks[1].
  • Remove suspicious session files and check for hidden backdoors even if you’ve already patched.

The attacks are accelerating - proactive patching and scanning are crucial to protect your customers and your business[1][5].

Sources

[1] Thousands of online stores at risk as SessionReaper ... https://www.malwarebytes.com/blog/news/2025/10/thousands-of-online-stores-at-risk-as-sessionreaper-attacks-spread

[2] Critical Adobe Commerce, Magento vulnerability under ... https://www.helpnetsecurity.com/2025/10/23/adobe-magento-cve-2025-54236-attack/

[3] Adobe Security Bulletin https://helpx.adobe.com/security/products/magento/apsb25-88.html

[4] SessionReaper: Account Takeover and Unauthenticated ... https://www.greenbone.net/en/blog/sessionreaper-account-takeover-and-unauthenticated-rce-in-magento-and-adobe-commerce/

[5] Over 250 Magento Stores Hit Overnight as Hackers Exploit ... https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html

[6] SessionReaper (CVE-2025-54236): Critical Adobe ... https://socradar.io/sessionreaper-cve-2025-54236-adobe-commerce-exploit/

[7] Adobe Commerce / Magento Insecure Deserialization ... https://www.tenable.com/plugins/was/115019

[8] Why nested deserialization is STILL harmful – Magento ...

Read Other Blog Articles

Digital Skimmer Targeting Is Shifting: What the Last 3 Months Tell Us

Turaco Labs
June 17, 2026
3 mins
eCommerce
Malware
Web Security

Over the last three months, the digital skimmer landscape has changed noticeably. Based on the latest ThreatView charts, Magento 2 remains the most targeted platform, but the biggest movement is elsewhere: Shopify has risen sharply and now appears to be the second most targeted platform for digital skimmers.

PrestaShop Attacks Are Escalating - What We’re Seeing and What Merchants Should Do Now

Turaco Labs
June 3, 2026
4 mins
eCommerce
Cybersecurity
Malware

In February 2026, we detected 327 compromised PrestaShop websites running card-harvesting malware loaders or digital skimmer malware. By the beginning of June 2026, that number had risen to 1,068. This is an active, expanding campaign affecting a growing number of merchants.

PolyShell and Magento: what merchants should do now

Turaco Labs
25 March 2026
4 mins
eCommerce
Magento
Malware
Web Security

A practical guide for Magento and Adobe Commerce merchants dealing with PolyShell: what it is, how to detect compromise, how ThreatView helps, and what to do next.

Proudly, designed, developed and maintained by Tecbot.