After many years at the helm of Greenbone, our co-founder, Dr Jan-Oliver Wagner, is stepping down from active operational management. However, he will remain closely associated with the company as a consultant. We would like to thank Dr Wagner for his extraordinary commitment and all that he has achieved for Greenbone since its foundation. […]
https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.png00Greenbone AGhttps://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.pngGreenbone AG2025-09-22 15:21:362025-09-22 16:45:54Change in the Greenbone AG Executive Board
CVE-2025-54236 (CVSS 9.1) is an account-takeover flaw that may result in unauthenticated remote code execution (RCE) under certain conditions. Dubbed “SessionReaper”, CVE-2025-54236 affects Adobe Commerce, Adobe Commerce B2B, and Magento Open Source web applications. The root cause is Improper Input Validation [CWE-20] in the REST API. Adobe’s official advisory describes the issue as a security […]
https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.png00Joseph Leehttps://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.pngJoseph Lee2025-09-17 14:41:512025-09-17 14:41:51SessionReaper: Account Takeover and Unauthenticated RCE in Magento and Adobe Commerce
The August 2025 Threat Report underscores how quickly high-risk vulnerabilities can shift from disclosure to active exploitation. Citrix, Fortinet, N-able, and Trend Micro flaws were weaponized within days. Other critical flaws in highly targeted software, such as Microsoft Exchange, emerged. Mainstream enterprise applications, such as Docker Desktop, Git, and Zoom, were also exposed to new […]
Change in the Greenbone AG Executive Board
BlogAfter many years at the helm of Greenbone, our co-founder, Dr Jan-Oliver Wagner, is stepping down from active operational management. However, he will remain closely associated with the company as a consultant. We would like to thank Dr Wagner for his extraordinary commitment and all that he has achieved for Greenbone since its foundation. […]
SessionReaper: Account Takeover and Unauthenticated RCE in Magento and Adobe Commerce
BlogCVE-2025-54236 (CVSS 9.1) is an account-takeover flaw that may result in unauthenticated remote code execution (RCE) under certain conditions. Dubbed “SessionReaper”, CVE-2025-54236 affects Adobe Commerce, Adobe Commerce B2B, and Magento Open Source web applications. The root cause is Improper Input Validation [CWE-20] in the REST API. Adobe’s official advisory describes the issue as a security […]
August 2025 Threat Report: Fast-Moving, High-Risk Vulnerabilities
BlogThe August 2025 Threat Report underscores how quickly high-risk vulnerabilities can shift from disclosure to active exploitation. Citrix, Fortinet, N-able, and Trend Micro flaws were weaponized within days. Other critical flaws in highly targeted software, such as Microsoft Exchange, emerged. Mainstream enterprise applications, such as Docker Desktop, Git, and Zoom, were also exposed to new […]