Critical Adobe E-commerce Platform Vulnerability Under Active Exploitation — Vietnamese Businesses Urged to Respond Immediately
01:46:00 | 09-12-2025

More than 95,000 Magento (Adobe Commerce) servers worldwide are currently under attack due to a critical vulnerability known as Session Reaper. This flaw allows attackers to hijack user sessions, execute remote code, and take full control of affected systems. According to Bkav cybersecurity experts, Vietnam is among the countries at high risk of being targeted.

Hoàng Trường Khương, cybersecurity specialist at Bkav, explains that the Session Reaper vulnerability stems from how Magento processes data through its Web API. Attackers can inject malicious content into active sessions and upload a web shell — a malicious script that enables persistent access and remote control of the server. Once exploited successfully, attackers can seize administrative privileges, leak payment data, or create fake admin accounts to expand the attack surface. All Adobe Commerce and Magento Open Source versions released prior to October 2025 — including branches up to 2.4.9-alpha2 — are affected.

Within just 48 hours of the public release of exploit code, more than 300 automated attacks were recorded globally, targeting over 130 Magento servers. Statistics from Sansec Shield show that although Adobe issued an emergency patch in early September, approximately 62% of Magento stores still have not updated. With over 95,000 Magento servers exposed publicly worldwide, thousands of e-commerce websites remain highly vulnerable. Even a one-day delay in patching can lead to severe business damage.

In Vietnam, many e-commerce platforms — including hundreds of well-known brands in retail, fashion, and technology — rely on Magento. Findings from research and real-world incident response at Bkav indicate that this group is particularly vulnerable, as most systems lack routine patching procedures or sufficient application-layer protection such as a web application firewall (WAF). Older Magento versions or uncontrolled REST API modules are considered high-risk and can be exploited rapidly if not updated promptly.

Bkav recommends that all Magento system administrators in Vietnam immediately apply Adobe’s official patches and enable web application firewalls (WAF) to filter and block abnormal traffic. Businesses should conduct a full system review, especially checking for suspicious PHP files and newly created admin accounts. If intrusion is suspected, the server must be isolated, restored from a clean backup, and all passwords and access keys must be reset.
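One way to carry out the review for suspicious PHP files and newly created admin accounts, as an added example that is not Bkav's or Adobe's tooling. It assumes `pub/media` is the store's upload directory, a 30-day review window, and that admin rows (with `username` and `created` columns) have been exported from the `admin_user` table; the function names are hypothetical.

```python
import sys
import time
from datetime import datetime, timedelta
from pathlib import Path

# Assumption: web-writable directories that should hold no executable PHP.
# Adjust to the store's actual layout.
WRITABLE_DIRS = ("pub/media",)
PHP_SUFFIXES = {".php", ".phtml", ".phar", ".php5", ".php7"}


def find_suspicious_php(magento_root, since_days=30, now=None):
    """Return sorted (reason, relative_path) pairs for PHP files worth reviewing."""
    root = Path(magento_root)
    now = time.time() if now is None else now
    cutoff = now - since_days * 86400
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        if any(rel.startswith(d + "/") for d in WRITABLE_DIRS):
            # Any PHP in an upload directory is suspect, whatever its age:
            # file timestamps can be forged by whoever wrote the file.
            findings.append(("php-in-writable-dir", rel))
        elif path.stat().st_mtime >= cutoff:
            # Elsewhere, compare recent changes against the deployment history.
            findings.append(("recently-modified", rel))
    return sorted(findings)


def recent_admins(rows, since_days=30, now=None):
    """Return usernames whose `created` timestamp falls inside the review window."""
    now = now or datetime.now()
    cutoff = now - timedelta(days=since_days)
    return [r["username"] for r in rows
            if datetime.strptime(r["created"], "%Y-%m-%d %H:%M:%S") >= cutoff]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for reason, rel in find_suspicious_php(sys.argv[1]):
            print(f"{reason}\t{rel}")
    # Constructed sample rows standing in for an export of admin_user.
    sample = [{"username": "storeadmin", "created": "2021-05-04 10:00:00"},
              {"username": "support_x1", "created": "2025-12-01 03:12:45"}]
    print(recent_admins(sample, now=datetime(2025, 12, 9)))
```

Every hit still needs manual confirmation against the release that was deployed and the list of accounts the business actually created.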

Bkav