Security alert infographic: Adobe Magento icon with red exploit arrows to customer accounts; protective shields for patches and firewalls, with "Update Your Store" warning banner over an e-commerce site.

Security firm Sansec has uncovered active exploitation of CVE-2025-54236, a critical vulnerability in the Adobe Commerce and Magento Open Source platforms with a CVSS score of 9.1. This improper input validation flaw allows attackers to hijack customer accounts via the Commerce REST API, posing severe risks to e-commerce sites.


Despite disclosure six weeks ago, 62% of Magento stores remain unpatched. Attackers are uploading PHP webshells and probing system details, following last year's CosmicSting exploit. CISA has added it to the Known Exploited Vulnerabilities Catalog, urging patches by November 11, 2025.


Protect your store: Apply updates immediately, monitor for anomalies, and use web application firewalls. Stay ahead of threats to safeguard customer data and business integrity.
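The article's advice to monitor for anomalies can be made concrete. The following is an added example written for this page; it is not code from the article, from Sansec, or from Adobe. It assumes a standard Magento directory layout (static assets under `pub/media`, which should never contain executable PHP) and a web server access log in common log format. Both the sample store tree and the log lines are constructed for illustration. The two checks flag (1) PHP-like files dropped under `pub/media`, the kind of artefact a webshell upload leaves behind, and (2) access-log requests that execute PHP from under `/media/`, which a correctly hardened Magento front end should refuse.

```python
"""Added example (not from the original article): two cheap checks a Magento
operator can run alongside patching. Paths and log lines are constructed."""
import re
import tempfile
from pathlib import Path

# File types that have no business under pub/media (static assets only).
EXECUTABLE_SUFFIXES = {".php", ".phtml", ".phar"}

# Common log format, constructed for this example:
#   <ip> - - [<timestamp>] "<method> <path> <proto>" <status> <bytes>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_php_under_media(magento_root):
    """Return sorted relative paths of PHP-like files under pub/media.

    Magento serves only images and other static files from pub/media, so any
    executable script there is a strong indicator of an uploaded webshell.
    """
    root = Path(magento_root)
    media = root / "pub" / "media"
    hits = []
    for path in media.rglob("*"):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            hits.append(str(path.relative_to(root)))
    return sorted(hits)


def flag_media_php_requests(log_lines):
    """Return (ip, path, status) for requests that hit PHP under /media/.

    A hardened front end denies such requests; a 200 here means the server
    actually executed a script from the static-asset tree.
    """
    flagged = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip
        path = m.group("path").split("?", 1)[0]  # drop any query string
        if "/media/" in path and Path(path).suffix.lower() in EXECUTABLE_SUFFIXES:
            flagged.append((m.group("ip"), path, int(m.group("status"))))
    return flagged


def build_sample_store():
    """Create a constructed Magento-like tree: one legitimate image under
    pub/media, one suspicious PHP file there, and legitimate PHP outside it."""
    root = Path(tempfile.mkdtemp(prefix="magento-demo-"))
    (root / "pub/media/catalog/product").mkdir(parents=True)
    (root / "pub/media/catalog/product/image.jpg").write_bytes(b"\xff\xd8")
    (root / "pub/media/wysiwyg").mkdir(parents=True)
    (root / "pub/media/wysiwyg/cache.php").write_text("<?php /* constructed placeholder */")
    (root / "app/code").mkdir(parents=True)
    (root / "app/code/Module.php").write_text("<?php // legitimate code outside media")
    return root


# Constructed access-log lines; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, not real clients.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Oct/2025:10:01:02 +0000] "POST /rest/V1/customers/me HTTP/1.1" 200 512',
    '203.0.113.5 - - [12/Oct/2025:10:01:09 +0000] "GET /media/wysiwyg/cache.php HTTP/1.1" 200 87',
    '198.51.100.7 - - [12/Oct/2025:10:02:00 +0000] "GET /media/catalog/product/image.jpg HTTP/1.1" 200 2048',
]


if __name__ == "__main__":
    store = build_sample_store()
    print("PHP under pub/media:", find_php_under_media(store))
    print("PHP executed from /media/:", flag_media_php_requests(SAMPLE_LOG))
```

Run it as-is to see both checks fire on the constructed data; in practice, point `find_php_under_media` at the real Magento root and feed `flag_media_php_requests` the live access log. Neither check replaces applying Adobe's patch; they are a way to spot post-exploitation artefacts on a store that has not yet been updated.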


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security.