Adobe released an out-of-band emergency patch for SessionReaper (CVE-2025-54236).
The bug hands full control of a store to unauthenticated attackers.
Automated abuse is expected and merchants should act immediately.

SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236)
Sansec (sansec.io)