Magento & Adobe Commerce Facing Major Attack Surge: SessionReaper

  • Benjamin Hosack
  • 2 days ago
  • 2 min read

Updated: 11 hours ago

Magento 2 and Adobe Commerce users are currently dealing with a critical security crisis: the SessionReaper vulnerability (CVE-2025-54236) has triggered a rapid surge in malware attacks, jumping 47% in recent weeks[1][5].


What Is SessionReaper?

SessionReaper is a remote code execution flaw that lets attackers hijack user sessions and even seize full control of a store’s server - often without any authentication[1][5]. Exploitation typically involves uploading malicious session files, which can lead to stolen data, fraudulent transactions, and long-term backdoors in your shop’s codebase[1][5].


Scale of the Threat

  • More than 250 Magento stores were hit within 24 hours of exploit details becoming public[5][1].

  • Over 60% of Magento sites remain unpatched over a month after the fix[5][1].

  • Attackers prey on both Magento Open Source and Adobe Commerce, focusing on sites slow to update[1].


What Should Merchants Do?

  • Check your site now using ThreatView.

    This is a free scanner that will check your site from an external perspective. ThreatView Advanced Edition will provide you with comprehensive Filesystem and Database threat detection.

  • Apply the latest Adobe patch immediately to block ongoing attacks[1].

  • Remove suspicious session files and check for hidden backdoors even if you’ve already patched.


The attacks are accelerating - proactive patching and scanning are crucial to protect your customers and your business[1][5].


Sources

[2] Critical Adobe Commerce, Magento vulnerability under ... https://www.helpnetsecurity.com/2025/10/23/adobe-magento-cve-2025-54236-attack/

[5] Over 250 Magento Stores Hit Overnight as Hackers Exploit ... https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html

[6] SessionReaper (CVE-2025-54236): Critical Adobe ... https://socradar.io/sessionreaper-cve-2025-54236-adobe-commerce-exploit/

[7] Adobe Commerce / Magento Insecure Deserialization ... https://www.tenable.com/plugins/was/115019
