CyberSecurityBoard
Sponsor Register Login

Hackers exploiting critical SessionReaper flaw in Adobe Magento

Adobe Magento, a widely used e-commerce platform, is currently under threat due to a critical vulnerability known as SessionReaper. This flaw allows hackers to exploit session management weaknesses, potentially leading to unauthorized access and data breaches. Cybercriminals are actively leveraging this vulnerability to compromise Magento stores, putting sensitive customer and business data at risk. The SessionReaper flaw highlights the importance of timely patching and robust security practices for e-commerce platforms. Magento users are urged to update their systems immediately to mitigate the risk of exploitation. This article delves into the technical details of the SessionReaper vulnerability, its impact on Adobe Magento users, and recommended security measures to protect against ongoing attacks. It also discusses the broader implications for e-commerce security and the evolving tactics of threat actors targeting online retail environments. Staying informed and proactive is crucial for businesses relying on Magento to safeguard their digital storefronts and customer trust.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 22 Oct 2025 18:45:12 +0000


Cyber News related to Hackers exploiting critical SessionReaper flaw in Adobe Magento

Hackers exploiting critical SessionReaper flaw in Adobe Magento - Adobe Magento, a widely used e-commerce platform, is currently under threat due to a critical vulnerability known as SessionReaper. This flaw allows hackers to exploit session management weaknesses, potentially leading to unauthorized access and data ...
2 months ago Bleepingcomputer.com CVE-2023-24097
Adobe patches critical SessionReaper flaw in Magento eCommerce platform - Adobe has released a critical security update addressing a severe vulnerability known as SessionReaper in its Magento eCommerce platform. This flaw could allow attackers to hijack user sessions, potentially leading to unauthorized access and data ...
4 months ago Bleepingcomputer.com CVE-2023-34362
Grim SessionReaper (CVE-2025-54236) Comes to Collect This Halloween - In October 2025, cybersecurity researchers have uncovered a critical vulnerability dubbed Grim SessionReaper, identified as CVE-2025-54236. This flaw poses significant risks to affected systems, allowing attackers to potentially hijack sessions and ...
2 months ago Akamai.com CVE-2025-54236
Thousands of Adobe Commerce e-stores hacked by exploiting CosmicSting bug - Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months. Over ...
1 year ago Securityaffairs.com CVE-2024-34102
Vendors Actively Bypass Year-Old Magento Vulnerability: Security Patch Issues - Vendors are actively bypassing the security patch for a year-old Magento vulnerability, a new research shows. The Magento platform is an open-source eCommerce solution widely used by merchants to create custom stores on the internet. In April 2020, ...
2 years ago Securityweek.com
SessionReaper Vulnerability: New Threat to Web Sessions Uncovered - The SessionReaper vulnerability represents a significant new threat to web session security, allowing attackers to hijack active user sessions and gain unauthorized access to sensitive information. This vulnerability exploits weaknesses in session ...
4 months ago Cybersecuritynews.com CVE-2024-12345 SessionHijackers
CVE-2009-2988 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors. Per: ...
7 years ago
CVE-2009-2998 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. Per: ...
7 years ago
CVE-2009-2986 - Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2981 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors. Per: ...
7 years ago
CVE-2009-3458 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. Per: ...
7 years ago
CVE-2009-2990 - Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2980 - Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2997 - Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2992 - An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. Per: ...
7 years ago
CVE-2009-2982 - An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. Per: ...
7 years ago
CVE-2009-2991 - Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. Per: ...
7 years ago
CVE-2009-2985 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996. ...
7 years ago
CVE-2009-2979 - Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. Per: ...
7 years ago
CVE-2009-2993 - The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows ...
7 years ago
CVE-2009-2983 - Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2994 - Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html ...
7 years ago
CVE-2009-2996 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985. ...
7 years ago
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)