Adobe News Articles
Recent news articles referencing the vendor's vulnerabilities.
Magento Input Validation Vulnerability Exploited In Wild To Hijack Session And Execute Malicious Codes
A critical vulnerability affects Magento, the popular e-commerce platform now rebranded as Adobe Commerce. Dubbed SessionReaper and tracked as CVE-2025-54236, this improper input validation flaw allows attackers to hijack user sessions and, in some cases, execute malicious code remotely.
Hackers Can Hijack Accounts Without Logging In ‘SessionReaper’ Critical Flaw Hits Adobe Commerce and Magento - 247News
The National Computer Emergency Response Team (NCERT) has warned of a critical vulnerability, tracked as CVE-2025-54236 and dubbed SessionReaper, in Adobe Commerce and Magento Open Source that allows attackers
Security Affairs newsletter Round 547 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs in your email box
Critical vulnerability CVE-2025-54236 in Adobe Commerce (Magento) | Born's Tech and Windows World
A critical vulnerability, CVE-2025-54236, has been found in Adobe Commerce software (formerly Magento). Adobe Commerce allows unauthenticated attackers to upload files and, ultimately, even take over...
U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog
The U.S. CISA added Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Fear the 'SessionReaper': Adobe Bug Under Attack
CVE-2025-54236 is a critical flaw in Adobe Commerce (formerly Magento) that allows attackers to remotely take over sessions on the e-commerce platform.
Hackers Exploit Magento, Adobe Commerce RCE to Deploy Webshells
The flaw, tracked as CVE-2025-54236 and dubbed SessionReaper, enables remote code execution and customer account takeover on thousands of online stores.
Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236) - Help Net Security
Attackers are trying to exploit CVE-2025-54236, a critical vulnerability affecting Adobe Commerce and Magento Open Source.
Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw
Hackers exploit CVE-2025-54236 in Adobe Commerce and Magento to hijack accounts via REST API. Over 250 attacks in 24 hours.
Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
Sansec reports 250+ attacks exploiting Adobe Commerce flaw CVE-2025-54236; 62% of stores remain unpatched.
Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk
Hackers have started exploiting CVE-2025-54236, a critical-severity vulnerability in Adobe Commerce and Magento Open Source.
Hackers exploiting critical "SessionReaper" flaw in Adobe Magento
Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. The activity was spotted by...
CISA: Maximum-severity Adobe flaw now exploited in attacks
CISA has warned that attackers are actively exploiting a maximum-severity vulnerability in Adobe Experience Manager to execute code on unpatched systems.
CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
CISA adds Adobe AEM CVE-2025-54253 to its KEV list after confirmed active exploitation.
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
Adobe Commerce CVE-2025-54236 allows account takeover; hotfix and WAF deployed to block attacks.
Adobe patches critical SessionReaper flaw in Magento eCommerce platform
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of
Adobe Experience Manager Forms under attack! Urgent patch for a score 10 RCE zero-day bug.
Learn about the zero-day vulnerability in Adobe AEM Forms and how to protect yourself with the available critical update.
Adobe AEM Forms 0-Day Vulnerability Allows Arbitrary Code Execution
The company released APSB25-82 on August 5, 2025, categorizing these updates as Priority 1, indicating the highest level of urgency for immediate patching across enterprise environments.
Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC
Adobe has released urgent security updates to resolve two AEM Forms vulnerabilities for which proof-of-concept (PoC) code exists.
Adobe issues emergency fixes for AEM Forms zero-days after PoCs released
Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances.
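[Vulnerability Reproduction] Adobe ColdFusion Arbitrary File Read Vulnerability CVE-2024-20767 - CSDN Blog
This article describes in detail the arbitrary file read vulnerability (CVE-2024-20767) present in specific versions of Adobe ColdFusion. It covers the vulnerability description, a disclaimer, the reproduction steps, and the remediation. In the reproduction section, the author demonstrates how to read system files such as /etc/passwd by sending a specific packet, and reminds readers that this information is for learning only and must not be used for illegal activity.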
Adobe Warns of ColdFusion Vulnerability Allows Attackers Read arbitrary files
The identified vulnerability, CVE-2024-53961, has a known proof-of-concept exploit, making the updates crucial for users.
Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code
Adobe released out-of-band security updates to fix a critical ColdFusion vulnerability, experts warn of a PoC exploit code available for it
Critical Adobe ColdFusion Vulnerability CVE-2024-53961
Adobe ColdFusion 2023 & 2021 are vulnerable to CVE-2024-53961, a critical path traversal weakness.