CVE-2025-54236 (CVSS 9.1) is an account-takeover flaw that may result in unauthenticated remote code execution (RCE) under certain conditions. Dubbed “SessionReaper”, CVE-2025-54236 affects Adobe Commerce, Adobe Commerce B2B, and Magento Open Source web applications. The root cause is Improper Input Validation [CWE-20] in the REST API. Adobe’s official advisory describes the issue as a security […]
SessionReaper: Account Takeover and Unauthenticated RCE in Magento and Adobe Commerce (Joseph Lee, 2025-09-17 14:41:51)
The August 2025 Threat Report underscores how quickly high-risk vulnerabilities can shift from disclosure to active exploitation. Citrix, Fortinet, N-able, and Trend Micro flaws were weaponized within days. Other critical flaws in highly targeted software, such as Microsoft Exchange, emerged. Mainstream enterprise applications, such as Docker Desktop, Git, and Zoom, were also exposed to new […]
Utrecht will be the central meeting point for the cybersecurity community on September 10 – 11, 2025. OPENVAS B.V. will make its first appearance at Cybersec Netherlands, marking an important milestone in expanding our local presence after establishing the Benelux office and fostering direct connections with customers and partners. The area is one of Europe’s […]
SessionReaper: Account Takeover and Unauthenticated RCE in Magento and Adobe Commerce
August 2025 Threat Report: Fast-Moving, High-Risk Vulnerabilities
OPENVAS B.V. Debuts at Cybersec Netherlands 2025 in Utrecht