Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw
2025-10-23 09:22:45 Author: securityaffairs.com


Hackers exploit CVE-2025-54236 in Adobe Commerce and Magento to hijack accounts via REST API. Over 250 attacks in 24 hours.

E-commerce security company Sansec researchers warn that threat actors are exploiting a critical flaw in Adobe Commerce and Magento, tracked as CVE-2025-54236 (CVSS 9.1), to hijack customer accounts via the REST API. The experts observed over 250 attacks hitting stores within 24 hours.

Last month, Adobe issued an emergency patch to fix the flaw, dubbed SessionReaper, after researcher Blaklis responsibly disclosed it.

Release is out: https://t.co/uGEKxm503h

This patches a pre-auth RCE and a customer ATO that I found a few days ago on Adobe Commerce and Magento.

If you're using it, patch asap! This wouldn't be surprising to see TA using them in a few hours or days, at most. #magento

— Blaklis (@Blaklis_) September 9, 2025

The vulnerability is an improper input validation issue.

“The bug, dubbed SessionReaper and assigned CVE-2025-54236, allows customer account takeover and unauthenticated remote code execution under certain conditions.” reported cybersecurity firm Sansec. “SessionReaper is one of the more severe Magento vulnerabilities in its history, comparable to Shoplift (2015), Ambionics SQLi (2019), TrojanOrder (2022) and CosmicSting (2024). Each time, thousands of stores got hacked, sometimes within hours of the flaw being published.”

An attacker can exploit this vulnerability to take over customer accounts.

The situation is critical, as only 38% of stores are patched and exploit details are already publicly available.

“When we first reported on SessionReaper in September, fewer than one in three Magento stores had been patched. Six weeks later, that figure has barely improved: only 38% of stores are now protected. This means that 62% of Magento stores remain vulnerable to a critical remote code execution attack with publicly available exploit details.” reads the report published by Sansec.

“With exploit details now public and active attacks already observed, we expect mass exploitation within the next 48 hours. Automated scanning and exploitation tools typically emerge quickly after technical writeups are published, and SessionReaper’s high impact makes it an attractive target for attackers.”

SessionReaper is comparable in severity to past major flaws like CosmicSting, TrojanOrder, and Shoplift, each of which led to thousands of store breaches within hours.

Sansec blocked over 250 SessionReaper attack attempts on e-commerce sites, with payloads delivering PHP webshells or phpinfo probes from multiple IPs.

Sansec spotted attacks coming from the following IPs:

  • 34.227.25.4
  • 44.212.43.34
  • 54.205.171.35
  • 155.117.84.134
  • 159.89.12.166
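For a store operator who wants to check their own web server logs against the indicators above, here is a small added example (not code from Sansec, Adobe or the article) that scans Apache/Nginx combined-format access log lines for three things the article describes: requests from the IP addresses Sansec reported, write requests to the Magento REST API (assumed to live under the /rest/ path prefix), and phpinfo probes or requests for PHP files outside index.php, which is how a dropped webshell would be exercised. The log lines are constructed for the example; the IPs are the ones listed in the article.

```python
import re
from collections import Counter

# Source IPs Sansec reported for SessionReaper attack attempts (from the article).
SANSEC_REPORTED_IPS = {
    "34.227.25.4",
    "44.212.43.34",
    "54.205.171.35",
    "155.117.84.134",
    "159.89.12.166",
}

# Combined log format: ip ident user [time] "METHOD path PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: Magento's REST API is served under this prefix (e.g. /rest/V1/...).
REST_PREFIX = "/rest/"
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample log; only the IPs come from the article.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Oct/2025:10:01:02 +0000] "GET /catalog/product/view/id/12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
34.227.25.4 - - [22/Oct/2025:10:01:09 +0000] "PUT /rest/V1/customers/me HTTP/1.1" 200 412 "-" "python-requests/2.31"
159.89.12.166 - - [22/Oct/2025:10:01:11 +0000] "GET /media/phpinfo.php HTTP/1.1" 200 9001 "-" "curl/8.4.0"
198.51.100.9 - - [22/Oct/2025:10:02:40 +0000] "POST /rest/V1/guest-carts HTTP/1.1" 200 88 "-" "Mozilla/5.0"
44.212.43.34 - - [22/Oct/2025:10:03:15 +0000] "POST /pub/media/shell.php HTTP/1.1" 200 15 "-" "-"
"""


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return the list of reasons a parsed entry looks related to SessionReaper activity.

    An empty list means nothing suspicious was seen for this entry.
    """
    reasons = []
    if entry["ip"] in SANSEC_REPORTED_IPS:
        reasons.append("ip-in-sansec-list")
    path = entry["path"].split("?", 1)[0].lower()
    # Account hijacking in the article goes through the REST API, so write
    # requests there are worth correlating with the other signals.
    if path.startswith(REST_PREFIX) and entry["method"] in WRITE_METHODS:
        reasons.append("rest-write")
    # phpinfo probes were among the payloads Sansec saw.
    if "phpinfo" in path:
        reasons.append("phpinfo-probe")
    # Magento serves everything through index.php; a request for any other
    # .php file is the typical footprint of a dropped webshell being used.
    if path.endswith(".php") and not path.endswith("/index.php"):
        reasons.append("php-outside-index")
    return reasons


def scan(log_text):
    """Scan a log and return findings for every line that has at least one reason."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            findings.append({"line": lineno, "ip": entry["ip"],
                             "path": entry["path"], "reasons": reasons})
    return findings


def top_sources(findings):
    """Count findings per source IP so the noisiest sources surface first."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line']:>3}  {f['ip']:<16} {f['path']:<32} {', '.join(f['reasons'])}")
    print(top_sources(scan(SAMPLE_LOG)).most_common())
```

A lone `rest-write` hit is normal store traffic and is only meaningful alongside one of the other reasons; the IP match and the `.php` hits are the ones to act on, and the IP list will age quickly, so it should be refreshed rather than treated as complete.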


Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2025-54236)

Source: https://securityaffairs.com/183754/hacking/over-250-attacks-hit-adobe-commerce-and-magento-via-critical-cve-2025-54236-flaw.html