{
  "canonical_id": "magento-open-source--69b54a8ff1",
  "system_id": "magento-open-source",
  "title": "SessionReaper attacks have started, 3 in 5 stores still vulnerable   2025-10-22  Six weeks after Adobe's emergency patch, SessionReaper (CVE-2025-54236) has entered active exploitation. Sansec Shield blocked dozens of attacks today. With only 38% of stores patched and exploit details now public, mass abuse will follow in the coming hours.   skimming   CVE-2025-54236   magento   adobe-commerce   +6",
  "reasons": [
    "missing affected/fixed version details"
  ],
  "candidate_count": 1,
  "references": [
    "https://sansec.io/research/sessionreaper-exploitation"
  ]
}