AMSTERDAM / LONDON (IT BOLTWISE) – A recently discovered security vulnerability in Adobe Commerce and Magento open source platforms has led to over 250 attacks on online shops. The vulnerability, known as CVE-2025-54236, allows attackers to take over customer accounts. Despite Adobe releasing a patch, many systems remain unprotected, increasing the urgency to install security updates immediately.
The recent vulnerability in Adobe Commerce and Magento open source platforms, known as CVE-2025-54236, has led to a wave of attacks on over 250 online stores. This vulnerability, discovered by security researcher Blaklis, allows attackers to take control of customer accounts by exploiting faulty input validation. Adobe released a patch last month, but many systems remain unprotected.
Security firm Sansec has reported that 62% of Magento stores are still vulnerable to this flaw. The attacks exploit it to install PHP webshells or to extract PHP configuration information. The threat is heightened by the public release of proof-of-concept exploits and technical details, which underlines the need for rapid remediation.
The CVE-2025-54236 vulnerability, also known as SessionReaper, is the second deserialization vulnerability to affect Adobe Commerce and Magento in recent years. A similar vulnerability called CosmicSting (CVE-2024-34102) was discovered in July 2024, which was also widely exploited. These incidents highlight the ongoing threat of security vulnerabilities in e-commerce platforms and the need to implement security updates in a timely manner.
The attacks come from different IP addresses and use the vulnerability to upload malicious PHP scripts. Sansec notes that the attacks are made via the ‘/customer/address_file/upload’ endpoint using a spoofed session. Security firm Searchlight Cyber has published a detailed technical analysis of the vulnerability, which it describes as a nested deserialization flaw that allows remote code execution.
The ongoing threat of such vulnerabilities highlights the need for organizations to rethink their security strategies and ensure all systems are up to date. Rapidly implementing security updates and monitoring systems for unusual activity are critical to minimizing the risk of attacks and protecting the integrity of customer data.
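The two observable traces the article describes, requests to the ‘/customer/address_file/upload’ endpoint and subsequent access to uploaded PHP scripts, can be checked for in ordinary web server access logs. The following script is an added example written for this page, not code from Sansec, Searchlight Cyber or Adobe; the log lines are constructed sample data in Apache/nginx combined format, and the allowlist of legitimate Magento PHP entry points and the finding labels are assumptions made for the example.

```python
"""
Added example (not from the article): triage of web server access logs for
two indicators the text associates with CVE-2025-54236 (SessionReaper):
  1. POST requests to the /customer/address_file/upload endpoint, and
  2. later requests for .php files outside the normal Magento entry points,
     which is what a hit on a freshly dropped webshell would look like.
All log lines below are constructed sample data, not real traffic.
"""
import re

UPLOAD_ENDPOINT = "/customer/address_file/upload"

# Assumed allowlist of .php paths a Magento install legitimately serves.
KNOWN_PHP = {"/index.php", "/get.php", "/static.php", "/cron.php", "/health_check.php"}

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def triage(lines):
    """Return findings as (ip, kind, path) tuples, in log order.

    kind is one of:
      upload-endpoint   POST to the address-file upload endpoint
      possible-webshell non-allowlisted .php hit from an IP seen using the endpoint
      unexpected-php    non-allowlisted .php hit from any other IP
    """
    findings = []
    seen_upload = set()  # IPs that have POSTed to the upload endpoint so far
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path, method = rec["ip"], rec["path"], rec["method"]
        if path == UPLOAD_ENDPOINT and method == "POST":
            seen_upload.add(ip)
            findings.append((ip, "upload-endpoint", path))
        elif path.endswith(".php") and path not in KNOWN_PHP:
            kind = "possible-webshell" if ip in seen_upload else "unexpected-php"
            findings.append((ip, kind, path))
    return findings


# Constructed sample log; IPs are from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2025:09:14:01 +0000] "GET /index.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2025:09:14:02 +0000] "POST /customer/address_file/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2025:09:14:05 +0000] "GET /pub/media/customer_address/cache.php HTTP/1.1" 200 77 "-" "Mozilla/5.0"',
    '198.51.100.22 - - [10/Oct/2025:09:15:10 +0000] "GET /static.php?resource=css HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '198.51.100.22 - - [10/Oct/2025:09:15:12 +0000] "GET /media/tmp/info.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    'not a log line at all',
]

if __name__ == "__main__":
    for ip, kind, path in triage(SAMPLE_LOG):
        print(f"{kind:18} {ip:15} {path}")
```

Run against the constructed sample, the script reports the POST to the upload endpoint, the follow-up request for a `.php` file under the media directory from the same IP as a possible webshell, and an unrelated non-allowlisted `.php` request as unexpected. In a real deployment the allowlist must be derived from the actual document root, and a hit should trigger a check of the filesystem for recently written PHP files rather than being treated as proof of compromise on its own.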

The post Vulnerability in Adobe Commerce: Over 250 Magento stores affected appeared first on Veritas News.