Magento
-
PolyShell flaw enables unauthenticated RCE and account takeover in Magento 2 stores
PolyShell affects Magento Open Source and Adobe Commerce version 2 installations, enabling unauthenticated code execution and stored XSS. Adobe published a fix only in a 2.4.9 alpha release while production versions remain vulnerable.
-
Hackers exploit critical SessionReaper flaw in Adobe Commerce, Sansec says
E-commerce security firm Sansec reported active exploitation of the critical SessionReaper flaw (CVE-2025-54236) in Adobe Commerce, blocking over 250 attempts and warning that a majority of stores remain unpatched.
-
Adobe patches critical SessionReaper flaw in Magento platforms (CVE-2025-54236)
Adobe has released a patch for a critical Magento vulnerability known as SessionReaper (CVE-2025-54236) that could allow unauthenticated access to customer accounts via the Commerce REST API. While Adobe says no exploitation has been observed, researchers warn the issue could be exploited at scale and urge immediate patching, with Cloud customers protected by an existing…
