SessionReaper (CVE-2025-54236) is rooted in improper input validation in Magento's session and authentication handling, which lets an attacker impersonate other users and reach areas of the store they are not authorized to access. The risk escalated after a proof-of-concept exploit was published on October 22: more than 300 attack attempts from a range of source IPs were observed within the following 48 hours. Beyond session hijacking, the flaw can be chained into unauthenticated remote code execution, with attackers uploading malicious scripts directly to the server.
CVE-2025-54236 carries a CVSS score of 9.8, reflecting high impact on confidentiality and availability and the fact that exploitation requires no privileges or prior access. E-commerce businesses running unpatched Magento versions face an immediate threat, all the more so with the holiday shopping season approaching. Experts stress applying Adobe's security patches without delay and tightening input validation to defend against this vulnerability and related exploitation. Hardening a store's own custom code does not address the flaw itself, so the vendor patch remains the only real fix; monitoring access logs for the kind of exploitation burst described above is a useful complement while patching is rolled out.
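The "300 attacks within 48 hours from various IPs" figure above is exactly the kind of signal a defender can look for in their own web-server logs. The following Python is an added example written for this page, not code from the article, from Adobe, or from the Magento project: it parses combined-format access-log lines and reports the 48-hour window in which the most distinct source IPs sent POST requests under a given path prefix. The prefix `/rest/` (Magento's REST API base path), the threshold, the request paths and the log lines are all constructed assumptions for the demonstration and are not indicators taken from the advisory.

```python
import re
from datetime import datetime, timedelta

# Combined log format as written by nginx/Apache in front of a Magento store.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (assumption, not real traffic). Paths under
# /rest/V1/guest-carts/ are placeholders, not exploit endpoints.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Oct/2025:10:00:00 +0000] "POST /rest/V1/guest-carts/x1/items HTTP/1.1" 200 311 "-" "curl/8.0"',
    '203.0.113.1 - - [23/Oct/2025:01:00:00 +0000] "POST /rest/V1/guest-carts/x2/items HTTP/1.1" 500 98 "-" "python-requests/2.31"',
    '203.0.113.2 - - [23/Oct/2025:01:05:00 +0000] "POST /rest/V1/guest-carts/x3/items HTTP/1.1" 500 98 "-" "python-requests/2.31"',
    '192.0.2.44 - - [23/Oct/2025:01:06:00 +0000] "GET / HTTP/1.1" 200 4123 "-" "Mozilla/5.0"',
    '203.0.113.3 - - [23/Oct/2025:02:00:00 +0000] "POST /rest/V1/guest-carts/x4/items HTTP/1.1" 500 98 "-" "python-requests/2.31"',
    '203.0.113.1 - - [23/Oct/2025:02:30:00 +0000] "POST /rest/V1/guest-carts/x5/items HTTP/1.1" 500 98 "-" "python-requests/2.31"',
    '203.0.113.4 - - [23/Oct/2025:12:00:00 +0000] "POST /rest/V1/guest-carts/x6/items HTTP/1.1" 200 311 "-" "python-requests/2.31"',
    '203.0.113.5 - - [24/Oct/2025:03:00:00 +0000] "POST /rest/V1/guest-carts/x7/items HTTP/1.1" 500 98 "-" "Go-http-client/1.1"',
    '203.0.113.6 - - [24/Oct/2025:20:00:00 +0000] "POST /rest/V1/guest-carts/x8/items HTTP/1.1" 500 98 "-" "Go-http-client/1.1"',
    'not a log line',
]


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def burst_sources(lines, path_prefix="/rest/", method="POST",
                  window=timedelta(hours=48), threshold=5):
    """Find the `window`-long period with the most distinct source IPs sending
    `method` requests under `path_prefix`.

    Returns a dict with window_start, distinct_ips, requests and the sorted IP
    list when more than `threshold` distinct IPs were seen, otherwise None.
    The scan is quadratic in the number of matching events, which is fine for
    a daily log review but not for a high-volume streaming pipeline.
    """
    events = [e for e in map(parse_line, lines)
              if e and e["method"] == method and e["path"].startswith(path_prefix)]
    events.sort(key=lambda e: e["ts"])
    best = None
    for i, start in enumerate(events):
        end = start["ts"] + window
        in_window = [e for e in events[i:] if e["ts"] < end]
        ips = {e["ip"] for e in in_window}
        if len(ips) > threshold and (best is None or len(ips) > best["distinct_ips"]):
            best = {
                "window_start": start["ts"],
                "distinct_ips": len(ips),
                "requests": len(in_window),
                "ips": sorted(ips),
            }
    return best


if __name__ == "__main__":
    print(burst_sources(SAMPLE_LOG))
```

On the constructed sample, the lone POST from 20 October does not trigger anything, while the 48 hours starting 23 October 01:00 UTC contain seven POSTs from six distinct addresses and are reported. In practice the threshold should be tuned to the store's normal REST traffic, and the 5xx status codes that failed exploitation attempts tend to produce are a second signal worth filtering on.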
👉 Read the original: Cyber Security News