- Adobe patched a critical web API flaw in Commerce and Magento
- The flaw, dubbed SessionReaper, scored 9.1/10 and affects multiple versions
- Researchers warn that the leaked fix can help attackers
Adobe has patched a critical vulnerability in its Commerce and Magento Open Source platforms that could lead to complete account takeover.
In a recently published security notice, Adobe said it fixed an improper input validation vulnerability (CWE-20) that affects the ServiceInputProcessor component of the web API.
In other words, it allows malicious, improperly validated API requests to bypass security controls. Researchers named it SessionReaper.
Most severe flaw in history
The flaw is now tracked as CVE-2025-54236 and has been given a severity score of 9.1/10 (critical) in the National Vulnerability Database (NVD).
Vulnerable versions include 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier, according to the NVD page.
“A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.” Adobe Commerce on Cloud customers are protected by a web application firewall (WAF), the company confirmed.
The company says that it is not aware of any exploitation in the wild, but, according to BleepingComputer, it is described as the “most severe” flaw in the history of the platform.
A patch was released on September 9, and customers are urged to apply it without delay. “Apply the hotfix as soon as possible. If you do not, you will be vulnerable to this security problem, and Adobe will have limited means to help remediate,” Adobe warned.
Although there is no evidence of abuse in the wild, the Sansec security team said that the initial hotfix for SessionReaper leaked a few days ago, which could allow malicious actors to reverse-engineer it and find additional holes to exploit, BleepingComputer reported.
At the same time, some researchers believe that applying the fix could break external code, since it disables certain Magento functionality.
Via BleepingComputer