Adobe patches critical SessionReaper flaw in Magento eCommerce platform

Adobe has released a critical security update addressing a severe vulnerability known as SessionReaper in its Magento eCommerce platform. This flaw could allow attackers to hijack user sessions, potentially leading to unauthorized access and data breaches. Magento, widely used by online retailers, is a popular target for cybercriminals because of the sensitive customer and payment information it handles. The SessionReaper vulnerability stems from session management weaknesses that enable attackers to intercept or manipulate active sessions. Adobe's patch aims to close this security gap, and Adobe urges all Magento users to apply the update immediately to protect their online stores and customer data. Failure to patch could result in significant financial and reputational damage from compromised transactions and stolen information. The update underscores the importance of timely software maintenance and vigilance against emerging cyber threats in the eCommerce sector. Magento administrators are advised to review their systems, apply the patch, and monitor for suspicious activity to maintain a robust defense against session hijacking attacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 09 Sep 2025 15:55:17 +0000

Cyber News related to Adobe patches critical SessionReaper flaw in Magento eCommerce platform

Hackers exploiting critical SessionReaper flaw in Adobe Magento - Adobe Magento, a widely used e-commerce platform, is currently under threat due to a critical vulnerability known as SessionReaper. This flaw allows hackers to exploit session management weaknesses, potentially leading to unauthorized access and data ...
2 months ago Bleepingcomputer.com CVE-2023-24097
Vendors Actively Bypass Year-Old Magento Vulnerability: Security Patch Issues - Vendors are actively bypassing the security patch for a year-old Magento vulnerability, a new research shows. The Magento platform is an open-source eCommerce solution widely used by merchants to create custom stores on the internet. In April 2020, ...
2 years ago Securityweek.com
Grim SessionReaper (CVE-2025-54236) Comes to Collect This Halloween - In October 2025, cybersecurity researchers have uncovered a critical vulnerability dubbed Grim SessionReaper, identified as CVE-2025-54236. This flaw poses significant risks to affected systems, allowing attackers to potentially hijack sessions and ...
2 months ago Akamai.com CVE-2025-54236
Future of eCommerce: Emerging Technologies Shaping Online Retail in 2024 - Top-notch stores are moving online as eCommerce continues to lead with breakthrough innovations that are transforming global business operations and consumer shopping behaviours. This blog post explores how technologies such as Artificial ...
1 year ago Hackread.com
SessionReaper Vulnerability: New Threat to Web Sessions Uncovered - The SessionReaper vulnerability represents a significant new threat to web session security, allowing attackers to hijack active user sessions and gain unauthorized access to sensitive information. This vulnerability exploits weaknesses in session ...
4 months ago Cybersecuritynews.com CVE-2024-12345 SessionHijackers
Thousands of Adobe Commerce e-stores hacked by exploiting CosmicSting bug - Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months. Over ...
1 year ago Securityaffairs.com CVE-2024-34102
CVE-2009-2988 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors. Per: ...
7 years ago
CVE-2009-2998 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. Per: ...
7 years ago
CVE-2009-2986 - Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2981 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors. Per: ...
7 years ago
CVE-2009-3458 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. Per: ...
7 years ago
CVE-2009-2990 - Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2980 - Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2997 - Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2992 - An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. Per: ...
7 years ago
CVE-2009-2982 - An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. Per: ...
7 years ago
CVE-2009-2991 - Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. Per: ...
7 years ago
CVE-2009-2985 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996. ...
7 years ago
CVE-2009-2979 - Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. Per: ...
7 years ago
CVE-2009-2993 - The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows ...
7 years ago
CVE-2009-2983 - Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2994 - Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html ...
7 years ago
CVE-2009-2996 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985. ...
7 years ago
Beyond SSL: Advanced Cyber Security Tools Every eCommerce Site Needs - If you’re operating an eCommerce platform and relying solely on SSL certificates to secure your website, you’re essentially placing a lock on your front door while leaving your windows wide open. Multi-Factor Authentication (MFA) adds an ...
8 months ago Cybersecuritynews.com