Adobe News Articles

Recent news articles referencing the vendor's vulnerabilities.

Magento Input Validation Vulnerability Exploited In Wild To Hijack Session And Execute Malicious Codes

A critical vulnerability affects Magento, the popular e-commerce platform now rebranded as Adobe Commerce. Dubbed SessionReaper and tracked as CVE-2025-54236, this improper input validation flaw allows attackers to hijack user sessions and, in some cases, execute malicious code remotely.

3 weeks ago

Hackers Can Hijack Accounts Without Logging In ‘SessionReaper’ Critical Flaw Hits Adobe Commerce and Magento - 247News

The National Computer Emergency Response Team (NCERT) has warned of a critical vulnerability, tracked as CVE-2025-54236 and dubbed SessionReaper, in Adobe Commerce and Magento Open Source that allows attackers

3 weeks ago

Security Affairs newsletter Round 547 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs in your email box

3 weeks ago

Critical vulnerability CVE-2025-54236 in Adobe Commerce (Magento) | Born's Tech and Windows World

[German] A critical vulnerability, CVE-2025-54236, has been found in Adobe Commerce software (formerly Magento). Adobe Commerce allows unauthenticated attackers to upload files and, ultimately, even take over...

3 weeks ago

U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog

The U.S. CISA added Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities (KEV) catalog.

3 weeks ago

Fear the 'SessionReaper': Adobe Bug Under Attack

CVE-2025-54236 is a critical flaw in Adobe Commerce (formerly Magento) that allows attackers to remotely take over sessions on the e-commerce platform.

3 weeks ago

Hackers Exploit Magento, Adobe Commerce RCE to Deploy Webshells

The flaw, tracked as CVE-2025-54236 and dubbed SessionReaper, enables remote code execution and customer account takeover on thousands of online stores.

3 weeks ago

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236) - Help Net Security

Attackers are trying to exploit CVE-2025-54236, a critical vulnerability affecting Adobe Commerce and Magento Open Source.

3 weeks ago

Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw

Hackers exploit CVE-2025-54236 in Adobe Commerce and Magento to hijack accounts via REST API. Over 250 attacks in 24 hours.

3 weeks ago

Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw

Sansec reports 250+ attacks exploiting Adobe Commerce flaw CVE-2025-54236; 62% of stores remain unpatched.

3 weeks ago

Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk

Hackers have started exploiting CVE-2025-54236, a critical-severity vulnerability in Adobe Commerce and Magento Open Source.

3 weeks ago

Hackers exploiting critical "SessionReaper" flaw in Adobe Magento

Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. The activity was spotted by...

4 weeks ago

CISA: Maximum-severity Adobe flaw now exploited in attacks

CISA has warned that attackers are actively exploiting a maximum-severity vulnerability in Adobe Experience Manager to execute code on unpatched systems.

1 month ago

CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack

CISA adds Adobe AEM CVE-2025-54253 to its KEV list after confirmed active exploitation.

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

Adobe Commerce CVE-2025-54236 allows account takeover; hotfix and WAF deployed to block attacks.

Adobe patches critical SessionReaper flaw in Magento eCommerce platform

Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of 

Adobe Experience Manager Forms under attack! Urgent patch for a score 10 RCE zero-day bug.

Learn about the zero-day vulnerability in Adobe AEM Forms and how to protect yourself with the available critical update.

Adobe AEM Forms 0-Day Vulnerability Allows Arbitrary Code Execution

The company released APSB25-82 on August 5, 2025, categorizing these updates as Priority 1, indicating the highest level of urgency for immediate patching across enterprise environments.

Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC

Adobe has released urgent security updates to resolve two AEM Forms vulnerabilities for which proof-of-concept (PoC) code exists.

Adobe issues emergency fixes for AEM Forms zero-days after PoCs released

Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances.

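[Vulnerability Reproduction] Adobe ColdFusion Arbitrary File Read Vulnerability CVE-2024-20767 - CSDN Blog

Article viewed 879 times. This article describes in detail the arbitrary file read vulnerability (CVE-2024-20767) present in specific versions of Adobe ColdFusion. It covers the vulnerability description, a disclaimer, the reproduction steps, and the fix. In the reproduction section, the author demonstrates how to read system files such as /etc/passwd by sending specific packets, and reminds readers that this information is for learning only and must not be used for illegal activities.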

Adobe Warns of ColdFusion Vulnerability Allows Attackers Read arbitrary files

The identified vulnerability, CVE-2024-53961, has a known proof-of-concept exploit, making the updates crucial for users.

Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code

Adobe released out-of-band security updates to fix a critical ColdFusion vulnerability, experts warn of a PoC exploit code available for it

Critical Adobe ColdFusion Vulnerability CVE-2024-53961

Adobe ColdFusion 2023 & 2021 are vulnerable to CVE-2024-53961, a critical path traversal weakness.

FYSA - Adobe Cold Fusion Path Traversal Vulnerability - Security Intelligence

Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and ...

CISA Warns of Adobe & Windows Kernel Driver Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an important warning after adding two critical vulnerabilities.

CISA KEV Catalog Update Part IV - December 2024

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20767: The vulnerability with a CVSS score of 8.2. This vulnerability arises from improper access control mechanisms within Adobe ColdFusion, enabling attackers t...

Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog

Critical security flaw in Adobe ColdFusion has been added to CISA's Known Exploited Vulnerabilities catalog.

CISA warns of Adobe ColdFusion bug exploited as a zero-day

CISA has added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited in the wild.

CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild

A critical flaw, CVE-2023-26360, has been found and exploited in the wild.

Federal agency breached through Adobe ColdFusion vulnerability

The unidentified hackers exploited CVE-2023-26360 to gain "an initial foothold" on two systems at the same agency, CISA said.

Mass Retail Hacks Affect Adobe Commerce and Magento Stores

Thousands of online stores running Adobe Commerce and Magento software have been hacked since the summer and infected with digital payment skimmers by attackers

Big names among thousands infected by payment-card-stealing CosmicSting crooks

Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers'...

Thousands of online shops infected via CosmicSting flaw

Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers'...

Adobe Commerce and Magento Store under cyber attack

Cybersecurity researchers have revealed that 5% of all Adobe Commerce and Magento stores have been hacked by cybercriminals exploiting a security vulnerability called CosmicSting. Adobe Commerce and the vulnerabilities detected by cybersecurity experts Tracked as CVE-2024-34102 (CVSS score: 9.8), th...

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

Critical Adobe Commerce vulnerability "CosmicSting" compromises 5% of stores. Urgent patching and key rotation required to prevent data theft.

Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869) - Help Net Security

Among the security updates released by Adobe on Tuesday are those for Acrobat and Reader, which fix CVE-2024-45112 and CVE-2024-41869.

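Adobe Acrobat Reader Vulnerability Under Active Attack

According to the security news outlet The Hacker News, CISA, the US agency dedicated to cybersecurity, has issued a new warning about CVE-2023-21608, a vulnerability found in Adobe Acrobat Reader. Exploit attacks using this vulnerability are actively under way, and CISA has also added it to its "urgent patch list" (KEV). CISA's KEV list contains vulnerabilities that are being used in real-world attacks, so it is said to be a useful reference for patch management.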

CosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102) - exploit - vsociety

CosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102) - exploit. Summary: CVE-2024-34102 affects Adobe Commerce / Magento versions 2.4.6 and earlier. Discovered in...

VMware, SolarWinds Vulnerabilities Exploited, and Cisco Warns of Critical ‘10.0’ Flaw

Cisco said the vulnerability was caused by an improper implementation of the password change process.

Cybersecurity teams advised to look out for critical Adobe, Cisco bugs

CISA added three bugs to the KEV catalog in all; Cisco gives flaw on Cisco Smart Software Manager On-Prem a 10 rating.

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

Cisco patches critical SSM On-Prem flaw. CISA adds three actively exploited vulnerabilities to KEV catalog. Federal agencies given August 7 deadline t

Recent Adobe Commerce Vulnerability Exploited in Wild

Adobe and CISA warn that a recent Adobe Commerce vulnerability tracked as CVE-2024-34102 has been exploited in the wild.

Identified a POC for the CVE-2024-34102 Vulnerability in Magento / Adobe Commerce

Security experts have identified a significant vulnerability, CVE-2024-34102, affecting Magento and Adobe Commerce platforms.

PoC Identified for the CVE-2024-34102 Vulnerability in Magento / Adobe Commerce

An exploit PoC relating to the Magento application (CVE-2024-34102) has been detected in the underground.

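75% of Magento E-commerce Platforms May Have the Major Security Vulnerability CosmicSting; Without a Fix, Attackers Could Gain Full Control

Regarding CosmicSting (CVE-2024-34102), the security weakness in the e-commerce platforms Adobe Commerce and Magento Open Source that Adobe patched this month, security vendor Sansec warns that it is one of the most severe vulnerabilities in the platform's history and that site administrators should take mitigation measures as soon as possible.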
