Magento Open Source

Adobe has released a patch for a critical Magento vulnerability known as SessionReaper (CVE-2025-54236) that could allow unauthenticated access to customer accounts via the Commerce REST API. While Adobe says no exploitation has been observed, researchers warn the issue could be exploited at scale and urge immediate patching, with Cloud customers protected by an existing…