CyberSecurityBoard
Sponsor Register Login

SessionReaper Adobe Commerce Flaw Under Attack

A critical vulnerability known as SessionReaper has been identified in Adobe Commerce, exposing millions of e-commerce sites to session hijacking attacks. This flaw allows attackers to take over user sessions, potentially leading to unauthorized access and data breaches. Adobe has released patches, but many sites remain unpatched, increasing the risk of exploitation. Cybercriminals are actively exploiting this vulnerability, emphasizing the urgent need for organizations to update their systems. The flaw affects Adobe Commerce versions prior to the latest security update, and attackers leverage it to steal sensitive customer information and disrupt online retail operations. Security experts recommend immediate patching, monitoring for suspicious activity, and implementing additional security controls such as multi-factor authentication and web application firewalls. This incident highlights the ongoing challenges in securing e-commerce platforms against sophisticated cyber threats and the importance of proactive vulnerability management.

This Cyber News was published on www.darkreading.com. Publication date: Thu, 23 Oct 2025 21:40:05 +0000


Cyber News related to SessionReaper Adobe Commerce Flaw Under Attack

Hackers exploiting critical SessionReaper flaw in Adobe Magento - Adobe Magento, a widely used e-commerce platform, is currently under threat due to a critical vulnerability known as SessionReaper. This flaw allows hackers to exploit session management weaknesses, potentially leading to unauthorized access and data ...
2 months ago Bleepingcomputer.com CVE-2023-24097
Revolutionizing Commerce With AI - Picture a future where commerce is not just an exchange of goods and services but an intricate relationship of data, insights, and artificial intelligence. The AI revolution in commerce is redefining how we approach buying, selling, and market ...
1 year ago Feeds.dzone.com
Grim SessionReaper (CVE-2025-54236) Comes to Collect This Halloween - In October 2025, cybersecurity researchers have uncovered a critical vulnerability dubbed Grim SessionReaper, identified as CVE-2025-54236. This flaw poses significant risks to affected systems, allowing attackers to potentially hijack sessions and ...
2 months ago Akamai.com CVE-2025-54236
SessionReaper Adobe Commerce Flaw Under Attack - A critical vulnerability known as SessionReaper has been identified in Adobe Commerce, exposing millions of e-commerce sites to session hijacking attacks. This flaw allows attackers to take over user sessions, potentially leading to unauthorized ...
2 months ago Darkreading.com CVE-2023-34362
E-commerce Security: Protecting Customer Data - In today's digital landscape, ensuring the security of customer data in e-commerce is a crucial concern for businesses. Protecting e-commerce data security is a complex task that requires a comprehensive understanding of the challenges faced by ...
1 year ago Securityzap.com
SessionReaper Vulnerability: New Threat to Web Sessions Uncovered - The SessionReaper vulnerability represents a significant new threat to web session security, allowing attackers to hijack active user sessions and gain unauthorized access to sensitive information. This vulnerability exploits weaknesses in session ...
4 months ago Cybersecuritynews.com CVE-2024-12345 SessionHijackers
CVE-2009-2982 - An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. Per: ...
7 years ago
Thousands of Adobe Commerce e-stores hacked by exploiting CosmicSting bug - Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months. Over ...
1 year ago Securityaffairs.com CVE-2024-34102
CVE-2009-2988 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors. Per: ...
7 years ago
CVE-2009-2998 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. Per: ...
7 years ago
CVE-2009-2986 - Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2981 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors. Per: ...
7 years ago
CVE-2009-3458 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. Per: ...
7 years ago
CVE-2009-2990 - Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2980 - Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2997 - Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2992 - An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. Per: ...
7 years ago
CVE-2009-2991 - Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. Per: ...
7 years ago
CVE-2009-2985 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996. ...
7 years ago
CVE-2009-2979 - Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. Per: ...
7 years ago
CVE-2009-2993 - The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows ...
7 years ago
CVE-2009-2983 - Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Per: ...
7 years ago
CVE-2009-2994 - Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html ...
7 years ago
CVE-2009-2996 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985. ...
7 years ago
Adobe patches critical SessionReaper flaw in Magento eCommerce platform - Adobe has released a critical security update addressing a severe vulnerability known as SessionReaper in its Magento eCommerce platform. This flaw could allow attackers to hijack user sessions, potentially leading to unauthorized access and data ...
4 months ago Bleepingcomputer.com CVE-2023-34362

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)