2025-10-23

Vulnerability Management

Attacks involving Adobe Commerce SessionReaper vulnerability ongoing

BleepingComputer reports that more than 250 exploitation attempts involving the critical improper input validation flaw in Adobe Commerce, tracked as CVE-2025-54236, have been discovered and blocked by e-commerce security firm Sansec more than a month after patches for the vulnerability, also known as SessionReaper, were released. Attempted exploitation of SessionReaper against Magento stores mostly stemmed from five IP addresses, with intrusions involving the deployment of PHP webshells and phpinfo probes of server configuration settings and predefined system variables, according to Sansec researchers, who noted that 62% of online stores remain susceptible to attack. Further abuse of the security issue, which could result in customer account hijacking, is expected following SearchLight Cyber's release of a technical analysis of CVE-2025-54236. Active exploitation of SessionReaper should prompt website administrators to implement the released fixes promptly. Organizations that cannot do so have been urged to immediately apply the mitigations advised by Adobe.

