A critical vulnerability in Adobe Commerce, identified as CVE-2025-54236, is actively being exploited by the ransomware group Storm-0501, leading to significant security breaches across numerous e-commerce platforms. This flaw, which has been assigned a CVSS score of 9.1, allows attackers to take over customer accounts by exploiting improper input validation, thereby compromising the confidentiality and integrity of affected systems.
The vulnerability impacts Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15, and earlier. It was first disclosed on September 9, 2025, and has since been added to CISA's Known Exploited Vulnerabilities (KEV) catalog as of October 24, 2025. The flaw, categorized under CWE-20 (Improper Input Validation), allows attackers to achieve session takeover, posing a high risk to the confidentiality and integrity of data.
Reports indicate that over 250 Adobe Commerce and Magento stores have been compromised through this vulnerability, which has been dubbed "SessionReaper." The exploitation of this flaw has been swift, with attackers taking advantage of it within 44 days of its disclosure. The exploitation in the wild has been confirmed, and there is at least one known exploit and four proof-of-concept (PoC) codes available, making it easier for threat actors to leverage this vulnerability.
The exploitation of CVE-2025-54236 has been particularly damaging for e-commerce platforms, as it allows attackers to hijack customer sessions, potentially leading to unauthorized transactions and data theft. The ransomware group Storm-0501 has been attributed to these attacks, further exacerbating the threat landscape for businesses relying on Adobe Commerce.
Given the critical nature of this vulnerability and its active exploitation, organizations using affected versions of Adobe Commerce are urged to prioritize patching. Adobe has released updates to address this flaw, and it is imperative for administrators to apply these patches immediately to mitigate the risk of exploitation.
In addition to patching, organizations should review their security posture and consider implementing additional security measures such as web application firewalls (WAFs) and intrusion detection systems (IDS) to detect and block potential exploitation attempts. Regular security audits and monitoring of network traffic for unusual activity can also help in identifying and responding to threats promptly.
The inclusion of CVE-2025-54236 in the KEV catalog underscores the urgency of addressing this vulnerability. Federal agencies and organizations in critical sectors are particularly encouraged to adhere to CISA's guidelines and ensure that all systems are updated to the latest secure versions.
As the threat landscape continues to evolve, staying informed about vulnerabilities and their exploitation is crucial for maintaining robust cybersecurity defenses. Organizations must remain vigilant and proactive in their security efforts to protect against the ever-present threat of cyberattacks.
CSURFACE