Hackers exploiting critical “SessionReaper” flaw in Adobe Magento
www.bleepingcomputer.com/news/secu…

Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded.

The activity was spotted by e-commerce security firm Sansec, whose researchers previously described SessionReaper as one of the most severe security bugs in the history of the product.

Adobe warned about CVE-2025-54236 on September 8, saying that it is an improper input validation vulnerability that impacts Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 (and earlier).

Edward Kiledjian @ekiledjian