Over 250 Magento Stores Compromised Overnight by New Adobe Commerce Vulnerability

Published: Oct 23, 2025 | Ravie Lakshmanan | Data Breach / Vulnerability

## New Vulnerability in Adobe Commerce: Understanding CVE-2025-54236

A serious security flaw has been identified in Adobe Commerce, tracked as CVE-2025-54236. The vulnerability, rated with a CVSS score of 9.1, stems from improper input validation and poses a threat to customer accounts via the Commerce REST API. Reported by the security researcher Blaklis and nicknamed SessionReaper, the flaw was patched by Adobe last month.

## The Ongoing Threat to Magento Stores

Despite the patch, over 62% of Magento stores are reportedly still at risk more than six weeks after disclosure. Adobe has urged website administrators to apply the fix promptly to prevent further exploitation. Since attacks have already been detected, the urgency of patching cannot be overstated.

### Attack Patterns Exploiting the Vulnerability

Attackers exploiting the flaw have been observed deploying PHP web shells or extracting sensitive data from server configuration files. The following IP addresses have been reported as indicators of this activity:

- 34.227.25[.]4
- 44.212.43[.]34
- 54.205.171[.]35
- 155.117.84[.]134
- 159.89.12[.]166

According to security firm Sansec, attackers are attempting to upload PHP backdoors via the `/customer/address_file/upload` endpoint while using a fake session to pass as a legitimate customer.
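To turn the indicators above into something a store operator can act on, here is an added example (not code from the article, from Adobe, or from Sansec) that scans web-server access logs for the two signals the article reports: requests from the five listed IP addresses, and requests to the `/customer/address_file/upload` endpoint, with POSTs that the server accepted flagged for closer inspection. The combined log format, the regular expression used to parse it, and the sample log lines are assumptions constructed for this example.

```python
"""Flag SessionReaper (CVE-2025-54236) indicators in access logs.

Added example; not the article's, Adobe's or Sansec's code. Assumes
Apache/nginx "combined" log format. Sample lines below are constructed.
"""
import re
from urllib.parse import unquote

# IoC IP addresses from the article, with the defanged "[.]" restored.
IOC_IPS = {
    "34.227.25.4",
    "44.212.43.34",
    "54.205.171.35",
    "155.117.84.134",
    "159.89.12.166",
}

# Endpoint Sansec reports being used to upload PHP backdoors.
SUSPICIOUS_PATH = "/customer/address_file/upload"

# Combined log format: ip ident user [ts] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # Percent-decode and drop the query string so encoded variants still match.
    entry["path"] = unquote(entry["path"]).split("?", 1)[0]
    return entry


def classify(entry):
    """Return the list of reasons an entry is suspicious (empty if none)."""
    reasons = []
    if entry["ip"] in IOC_IPS:
        reasons.append("source IP in published IoC list")
    if entry["path"].rstrip("/").lower() == SUSPICIOUS_PATH:
        reasons.append("request to address_file upload endpoint")
        if entry["method"] == "POST" and entry["status"].startswith("2"):
            reasons.append("upload accepted (2xx): inspect the stored file")
    return reasons


def scan(lines):
    """Scan log lines; return (ip, method, path, status, reasons) per hit."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            hits.append((entry["ip"], entry["method"], entry["path"],
                         entry["status"], reasons))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '34.227.25.4 - - [23/Oct/2025:10:15:01 +0000] '
    '"POST /customer/address_file/upload HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [23/Oct/2025:10:15:02 +0000] '
    '"GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [23/Oct/2025:10:15:03 +0000] '
    '"POST /customer/%61ddress_file/upload/ HTTP/1.1" 500 0 "-" "python-requests"',
    '159.89.12.166 - - [23/Oct/2025:10:15:04 +0000] '
    '"GET /app/etc/env.php HTTP/1.1" 404 0 "-" "curl/8.0"',
    'not a log line at all',
]


if __name__ == "__main__":
    for ip, method, path, status, reasons in scan(SAMPLE_LOG):
        print(f"{ip} {method} {path} {status}: {'; '.join(reasons)}")
```

Feed real logs with `scan(open("access.log"))`. A hit on the endpoint alone is not proof of compromise, since legitimate customers may use it, but an accepted POST from an unfamiliar source is the first thing to pull the uploaded file for; the IoC list is a point-in-time snapshot and attacker infrastructure changes, so the endpoint check is the more durable of the two signals.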

## Technical Insights into CVE-2025-54236

Searchlight Cyber has released an extensive analysis of CVE-2025-54236, characterizing it as a nested deserialization vulnerability that allows for remote code execution. This level of access can have devastating implications for affected sites, making it crucial for users to take action before malicious actors exploit the flaw further.

### Historical Context of Vulnerabilities in Adobe Commerce

Notably, CVE-2025-54236 is not the first deserialization vulnerability impacting Adobe’s platforms. In July 2024, another severe flaw, dubbed CosmicSting (CVE-2024-34102, CVSS score: 9.8), came to light, leading to widespread exploitation. This trend raises concerns about the ongoing security challenges faced by Adobe Commerce and Magento platforms.

## The Importance of Timely Patch Application

With proof-of-concept (PoC) exploits and additional technical information now widely available, it is increasingly important for users to implement necessary patches without delay. Cybersecurity threats continue to evolve, and inaction can result in significant repercussions for businesses relying on these platforms.

As the security landscape shifts, vigilance and proactive measures will be key for website administrators to safeguard their systems and customer data against emerging threats. The stakes are high, and staying informed about potential vulnerabilities can make all the difference.
