
Adobe Commerce is the world’s leading digital commerce solution for merchants and brands. With Adobe Commerce, you can build engaging shopping experiences for every type of customer — from B2B and B2C to B2B2C. It’s built for enterprise on a scalable, open-source platform with unparalleled security, premium performance, and a low total cost of ownership. Businesses of all sizes can use it to reach customers wherever they are, across devices and marketplaces. It’s more than a flexible shopping cart system. It’s the building block for business growth.

Adobe Commerce A.I CyberSecurity Scoring

Adobe Commerce

Company Details

Linkedin ID: adobe-commerce
Employees number: 533
Number of followers: 124,001
NAICS: 513
Industry Type: Technology, Information and Internet
Homepage: adobe.com
IP Addresses: 91
Company ID: ADO_1464906
Scan Status: Completed

Adobe Commerce Risk Score (AI oriented): Between 700 and 749

Adobe Commerce Global Score (TPRM): XXXX

Adobe Commerce Company CyberSecurity News & History

Past Incidents: 6
Attack Types: 1
Entity: Adobe (Adobe Commerce / Magento)
Type: Vulnerability
Severity: 85
Impact: 4
Seen: 6/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Hackers are actively exploiting **CVE-2025-54236 (SessionReaper)**, a critical **improper input validation vulnerability** in Adobe Commerce (formerly Magento). The flaw allows attackers to **take over customer accounts via the Commerce REST API without user interaction**, potentially leading to **unauthorized access to sensitive customer data, financial fraud, or full account compromise**. Over **250 exploitation attempts** were blocked in a single day, with **62% of Magento stores remaining unpatched** and vulnerable. Attackers are deploying **PHP webshells and reconnaissance probes (phpinfo)** to assess system configurations, escalating the risk of **large-scale data breaches or financial theft**. The vulnerability affects multiple versions, including **2.4.9-alpha2, 2.4.8-p2, and earlier**, with default configurations (file-based session storage) being the primary attack vector. Adobe issued an **emergency patch**, but slow adoption—only **40% of stores patched after six weeks**—exposes thousands of e-commerce platforms to **account takeovers, payment fraud, and reputational damage**. Security firms warn of **increased attack volumes** following public technical analyses, urging immediate patching to prevent **widespread customer data compromise and operational disruptions**.

Entity: Adobe
Type: Vulnerability
Severity: 85
Impact: 4
Seen: 5/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Adobe has disclosed a **critical vulnerability (CVE-2025-54236, dubbed *SessionReaper*)** in its **Commerce and Magento Open Source platforms**, allowing unauthenticated attackers to **bypass security features and hijack customer accounts** via the Commerce REST API. Though no active exploitation has been observed yet, a leaked hotfix may accelerate threat actor development of exploits. The flaw, deemed one of the most severe in Magento’s history, enables **session forging, privilege escalation, and potential code execution**—mirroring past high-impact vulnerabilities like *CosmicSting* and *Shoplift*. Adobe released an emergency patch on **September 9, 2025**, urging immediate deployment, as delayed action leaves systems exposed to **automated, large-scale attacks**. Cloud-based Adobe Commerce users received temporary protection via a WAF rule, but on-premise and unpatched instances remain at risk. The vulnerability’s exploitation relies on **default session storage configurations**, increasing its reach. Failure to patch could lead to **widespread account takeovers, financial fraud, and operational disruptions** for e-commerce businesses, with Adobe offering limited remediation support post-breach. Researchers warn of **high automation potential**, emphasizing the urgency for administrators to test and apply fixes despite potential compatibility issues with custom code.

Entity: Adobe
Type: Vulnerability
Severity: 85
Impact: 4
Seen: 9/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Adobe is facing active exploitation attempts targeting **CVE-2025-54236 (SessionReaper)**, a critical **Improper Input Validation** vulnerability in **Adobe Commerce and Magento Open Source**. The flaw allows attackers to **take over customer accounts** and, in certain configurations (e.g., file-based session storage), achieve **unauthenticated remote code execution (RCE)**. Over **250 exploitation attempts** were blocked in a single day, with expectations of **mass exploitation within 48 hours** due to publicly available exploit details. Only **38% of Magento stores** have applied the patch, leaving a vast majority exposed. Attackers are deploying **PHP webshells and phpinfo probes**, indicating reconnaissance for deeper compromise. The vulnerability affects multiple versions of Adobe Commerce, Magento Open Source, and B2B editions. While Adobe released a hotfix on **September 9, 2025**, the leak of technical details a week prior accelerated attacker activity. Sansec researchers warn of **automated scanning tools** emerging rapidly, increasing the risk of large-scale breaches. Administrators are urged to **patch immediately** and scan for signs of intrusion, as delayed action could lead to **widespread account takeovers, data theft, or financial fraud** through compromised e-commerce platforms.

Entity: Adobe
Type: Vulnerability
Severity: 85
Impact: 4
Seen: 6/2024
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Threat actors are actively exploiting **CVE-2025-54236** (CVSS 9.1), a critical **improper input validation vulnerability** in **Adobe Commerce and Magento Open Source**, enabling **account takeovers via the Commerce REST API**. Over **250 attack attempts** were recorded in 24 hours, with **62% of Magento stores remaining unpatched** six weeks post-disclosure. Exploits involve dropping **PHP webshells** and extracting **PHP configuration data** via fake sessions, risking **full customer account compromise**. The flaw, dubbed **SessionReaper**, follows a similar 2024 deserialization vulnerability (**CosmicSting, CVE-2024-34102**), highlighting a pattern of **high-severity exploits** in Adobe’s e-commerce platforms. Public **proof-of-concept (PoC) exploits** and technical analyses (e.g., by **Searchlight Cyber**) accelerate attack adoption. Adobe confirmed **in-the-wild exploitation**, urging immediate patching to prevent **widespread account hijacking, data theft, or backend system infiltration**—potentially disrupting **payment processes, customer trust, and operational integrity** for affected stores.

Entity: Adobe Commerce
Type: Vulnerability
Severity: 100
Impact: 4
Seen: 6/2024
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: Over 4,000 Adobe Commerce and Magento stores were hacked through the exploitation of a critical vulnerability, identified as CosmicSting (CVE-2024-34102). This attack allowed unauthorized reading of files, including passwords and other sensitive data. The attackers typically stole a secret cryptographic key and modified CMS blocks via the Magento API to inject malicious Javascript aimed at customer data theft. The exploitation led to the installation of payment skimmers in 5% of all Adobe Commerce and Magento store checkouts. Major organizations, such as Ray-Ban and Cisco, were affected, resulting in potentially severe financial and reputational damage.

Entity: Adobe Commerce and Magento
Type: Vulnerability
Severity: 100
Impact: 5
Seen: 6/2024
Rankiteo Explanation: Attack threatening the organization’s existence

Description: Over 4,000 Adobe Commerce and Magento stores suffered a massive security breach due to exploitation of the CosmicSting vulnerability, CVE-2024-34102. This critical flaw allowed attackers to run arbitrary code and install backdoors, jeopardizing sensitive customer and merchant data. Major brands like Ray-Ban, National Geographic, Cisco, Whirlpool, and Segway have been impacted, with attackers deploying payment skimmers in the affected e-stores. Despite Adobe's critical update and warnings, failure to invalidate old cryptographic keys left many merchants exposed, resulting in widespread financial and data losses for both companies and their customers during the summer.



Underwriter Stats for Adobe Commerce

Incidents vs Technology, Information and Internet Industry Average (This Year)

Adobe Commerce has 279.75% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Adobe Commerce has 368.75% more incidents than the average of all companies with at least one recorded incident.

Incident Types Adobe Commerce vs Technology, Information and Internet Industry Avg (This Year)

Adobe Commerce reported 3 incidents this year: 0 cyber attacks, 0 ransomware, 3 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — Adobe Commerce (X = Date, Y = Severity)

Adobe Commerce cyber incidents detection timeline including parent company and subsidiaries


Adobe Commerce Similar Companies

Times Internet

At Times Internet, we create premium digital products that simplify and enhance the lives of millions. As India’s largest digital products company, we have a significant presence across a wide range of categories, including News, Sports, Fintech, and Enterprise solutions. Our portfolio features mar

Cimpress

Cimpress plc (Nasdaq: CMPR) invests in and builds customer-focused, entrepreneurial, mass-customization businesses for the long term. Mass customization is a competitive strategy which seeks to produce goods and services to meet individual customer needs with near mass production efficiency. Cimpr

Arrow Electronics

Arrow Electronics (NYSE:ARW) guides innovation forward for thousands of leading technology manufacturers and service providers. With 2024 sales of $27.9 billion, Arrow develops technology solutions that help improve business and daily life. Our broad portfolio that spans the entire technology lands

Binance

Binance is the world’s leading blockchain ecosystem and cryptocurrency infrastructure provider with a product suite that includes the world's largest digital asset exchange and much more. Trusted by over 200 millions of users worldwide, the Binance platform is dedicated to increasing the freedom of

The Death Star

The mission of the Death Star is to keep the local systems "in line". As we have recently dissolved our Board of Directors, there is little resistance to our larger goal of universal domination. Our Stormtroopers are excellent shots and operate with our Navy, and are fielded like marines - sep

Sohu.com

Sohu.com Inc. (NASDAQ: SOHU) is China's premier online brand and indispensable to the daily life of millions of Chinese, providing a network of web properties and community based/web 2.0 products which offer the vast Sohu user community a broad array of choices regarding information, entertainment a

Myntra

At Myntra, we don’t just follow fashion - we define it. As India's leading fashion, lifestyle, and beauty destination, we bring together the best of style, technology, and innovation to create a seamless shopping experience for our customers. With a commitment to empowering self-expression, we cura

Flipkart

At Flipkart, we're driven by our purpose of empowering every Indian's dream by delivering value through innovation in technology and commerce. With a customer base of over 350 million, product coverage of over 150 million across 80+ categories, a focus on generating direct and indirect employment an

IndiaMART InterMESH Limited

IndiaMART is India's largest online B2B marketplace, connecting buyers with suppliers across a wide array of industries. IndiaMART provides a platform for Small & Medium Enterprises (SMEs), large enterprises, and individual buyers, helping them access diverse portfolios of quality products. Since


Adobe Commerce CyberSecurity News

November 11, 2025 08:00 AM
Adobe Issues Magento Fix: Here’s How to Keep Your eCommerce Site Safe

Adobe's latest Magento security patch fixes major vulnerabilities. Experts explain why patching alone isn't enough to keep eCommerce...

November 04, 2025 08:00 AM
Vietnam among high-risk nations targeted by Adobe's 'Session Reaper' vulnerability

In Vietnam, many e-commerce platforms, including hundreds of well-known brands in retail, fashion, and technology, rely on Magento,...

November 02, 2025 07:00 AM
Cybersecurity News Weekly Newsletter – EY Data Leak, Bind 9, Chrome Vulnerability, and Aardvar ChatGPT Agent

This week's cybersecurity roundup highlights escalating threats from misconfigurations, software flaws, and advanced malware.

October 29, 2025 07:00 AM
Magento Input Validation Vulnerability Exploited In Wild To Hijack Session And Execute Malicious Codes

A critical vulnerability in Magento, the popular e-commerce platform, is now rebranded as Adobe Commerce. Dubbed SessionReaper and tracked...

October 27, 2025 07:00 AM
Adobe and Microsoft vulnerabilities added to CISA’s known exploited vulnerabilities catalogue

Improper input validation vulnerability in Adobe Commerce and an alarming Windows Server Update Service issue have been added to the US...

October 26, 2025 07:00 AM
Cybersecurity Newsletter Weekly – AWS Outage, WSUS Exploitation, Chrome Flaws, and RDP Attacks

Welcome to this week's edition of the Cybersecurity Newsletter, where we dissect the latest threats, vulnerabilities, and disruptions...

October 25, 2025 07:00 AM
Critical vulnerability CVE-2025-54236 in Adobe Commerce (Magento)

[German]A critical vulnerability, CVE-2025-54236, has been found in Adobe Commerce software (formerly Magento). Adobe Commerce allows...

October 24, 2025 10:01 PM
Unifying retail commerce for seamless buyer journeys | EY - US

Composable commerce helps retailers to unify channels and provide seamless, personalized experiences for today's consumers. Modular solutions help retailers...

October 24, 2025 07:00 AM
U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vul...

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Adobe Commerce CyberSecurity History Information

Official Website of Adobe Commerce

The official website of Adobe Commerce is https://adobe.ly/adobecommerce.

Adobe Commerce’s AI-Generated Cybersecurity Score

According to Rankiteo, Adobe Commerce’s AI-generated cybersecurity score is 742, reflecting their Moderate security posture.

How many security badges does Adobe Commerce have?

According to Rankiteo, Adobe Commerce currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Adobe Commerce have SOC 2 Type 1 certification?

According to Rankiteo, Adobe Commerce is not certified under SOC 2 Type 1.

Does Adobe Commerce have SOC 2 Type 2 certification?

According to Rankiteo, Adobe Commerce does not hold a SOC 2 Type 2 certification.

Does Adobe Commerce comply with GDPR?

According to Rankiteo, Adobe Commerce is not listed as GDPR compliant.

Does Adobe Commerce have PCI DSS certification?

According to Rankiteo, Adobe Commerce does not currently maintain PCI DSS compliance.

Does Adobe Commerce comply with HIPAA?

According to Rankiteo, Adobe Commerce is not compliant with HIPAA regulations.

Does Adobe Commerce have ISO 27001 certification?

According to Rankiteo, Adobe Commerce is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Adobe Commerce

Adobe Commerce operates primarily in the Technology, Information and Internet industry.

Number of Employees at Adobe Commerce

Adobe Commerce employs approximately 533 people worldwide.

Subsidiaries Owned by Adobe Commerce

Adobe Commerce presently has no subsidiaries across any sectors.

Adobe Commerce’s LinkedIn Followers

Adobe Commerce’s official LinkedIn profile has approximately 124,001 followers.

NAICS Classification of Adobe Commerce

Adobe Commerce is classified under the NAICS code 513, which corresponds to Others.

Adobe Commerce’s Presence on Crunchbase

No, Adobe Commerce does not have a profile on Crunchbase.

Adobe Commerce’s Presence on LinkedIn

Yes, Adobe Commerce maintains an official LinkedIn profile, actively used for branding and talent engagement, at https://www.linkedin.com/company/adobe-commerce.

Cybersecurity Incidents Involving Adobe Commerce

As of November 27, 2025, Rankiteo reports that Adobe Commerce has experienced 6 cybersecurity incidents.

Number of Peer and Competitor Companies

Adobe Commerce has an estimated 12,520 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Adobe Commerce?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

What was the total financial impact of these incidents on Adobe Commerce?

Total Financial Loss: The total financial loss from these incidents is estimated to be $0.

How does Adobe Commerce detect and respond to cybersecurity incidents?

Detection and Response: Rankiteo records the following detection, containment, remediation and communication measures across the incidents listed above.

Third-party assistance: Sansec (research and advisory; detection and analysis; warning and analysis); Searchlight Cyber (technical analysis); Assetnote/Searchlight Cyber.

Containment measures: WAF rule deployed for Adobe Commerce on Cloud customers; emergency patch release; blocking exploitation attempts with Sansec Shield (250+ blocked); IP blacklisting; patching the vulnerability (recommended); urgent patch application recommended.

Remediation measures: Adobe's critical update and warnings; patch deployment (disables internal Magento functionality); updated REST API documentation; applying the Adobe security update and hotfix (released 2025-09-09); mitigations per the Adobe advisory; upgrade to the latest secure version; scan for signs of compromise; monitor for PHP webshells; restrict access to '/customer/address_file/upload'.

Communication strategy: direct notifications to selected customers (2025-09-04); public security bulletin; urgent patching advisory; public advisory by Adobe (2025-09-08); Sansec bulletin and public advisory; Searchlight Cyber technical analysis; technical deep-dive by Assetnote; urgent patching recommendations; revised Adobe security bulletin.

Adaptive behavioral WAF: deployed for Adobe Commerce on Cloud as an interim mitigation.

Incident response plan activated: Sansec Shield detection/blocking.

Enhanced monitoring: Sansec Shield (ongoing detection); monitor for exploitation attempts; scan for webshells/phpinfo probes; monitor for attacks from known malicious IPs.

Incident Details

Can you provide details on each incident?

Incident: Data Breach, Malware

Title: CosmicSting Vulnerability Exploitation

Description: Over 4,000 Adobe Commerce and Magento stores were hacked through the exploitation of a critical vulnerability, identified as CosmicSting (CVE-2024-34102). This attack allowed unauthorized reading of files, including passwords and other sensitive data. The attackers typically stole a secret cryptographic key and modified CMS blocks via the Magento API to inject malicious Javascript aimed at customer data theft. The exploitation led to the installation of payment skimmers in 5% of all Adobe Commerce and Magento store checkouts. Major organizations, such as Ray-Ban and Cisco, were affected, resulting in potentially severe financial and reputational damage.

Type: Data Breach, Malware

Attack Vector: Exploitation of Critical Vulnerability (CosmicSting - CVE-2024-34102)

Vulnerability Exploited: CosmicSting (CVE-2024-34102)

Motivation: Financial Gain, Data Theft

Incident: Security Breach

Title: Massive Security Breach of Adobe Commerce and Magento Stores

Description: Over 4,000 Adobe Commerce and Magento stores suffered a massive security breach due to exploitation of the CosmicSting vulnerability, CVE-2024-34102. This critical flaw allowed attackers to run arbitrary code and install backdoors, jeopardizing sensitive customer and merchant data. Major brands like Ray-Ban, National Geographic, Cisco, Whirlpool, and Segway have been impacted, with attackers deploying payment skimmers in the affected e-stores. Despite Adobe's critical update and warnings, failure to invalidate old cryptographic keys left many merchants exposed, resulting in widespread financial and data losses for both companies and their customers during the summer.

Type: Security Breach

Attack Vector: Exploitation of CosmicSting vulnerability (CVE-2024-34102)

Vulnerability Exploited: CosmicSting vulnerability (CVE-2024-34102)

Motivation: Financial gain, data theft

Incident: Vulnerability Disclosure

Title: Critical SessionReaper Vulnerability (CVE-2025-54236) in Adobe Commerce and Magento Open Source

Description: Adobe has disclosed a critical vulnerability (CVE-2025-54236), dubbed 'SessionReaper,' in its Commerce and Magento Open Source platforms. The flaw allows unauthenticated attackers to take control of customer accounts via the Commerce REST API. Adobe released an emergency patch on September 9, 2025, after notifying selected customers on September 4. While no active exploitation has been observed, a leaked hotfix may give threat actors an advantage in developing exploits. The vulnerability is considered one of the most severe in Magento's history, with potential for automated, large-scale abuse. Administrators are urged to apply the patch immediately, though it may disrupt custom or external code due to disabled internal Magento functionality.

Date Publicly Disclosed: 2025-09-04

Date Resolved: 2025-09-09

Type: Vulnerability Disclosure

Attack Vector: Network, REST API Exploitation, Session Forging

Vulnerability Exploited: CVE-2025-54236 (SessionReaper - Session Data Storage on File System)

Incident : Vulnerability Exploitation

Title: Active Exploitation of SessionReaper Vulnerability (CVE-2025-54236) in Adobe Commerce (Magento)

Description: Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. The flaw, an improper input validation issue, allows attackers to take control of account sessions without user interaction via the Commerce REST API. Sansec detected and blocked over 250 exploitation attempts from five IP addresses, primarily deploying PHP webshells or phpinfo probes. As of the report, 62% of Magento stores remain unpatched and vulnerable.

Date Detected: 2025-09-08

Date Publicly Disclosed: 2025-09-08

Type: Vulnerability Exploitation

Attack Vector: Network-Based, Exploitation of Public-Facing Application (CVE-2025-54236), REST API Abuse

Vulnerability Exploited: CVE-2025-54236 (Improper Input Validation in Adobe Commerce/Magento)

Motivation: Opportunistic, Financial Gain (Potential), Data Theft

Incident : Vulnerability Exploitation

Title: Exploitation Attempts Targeting CVE-2025-54236 (SessionReaper) in Adobe Commerce and Magento Open Source

Description: Attackers are exploiting CVE-2025-54236, a critical 'Improper Input Validation' vulnerability (dubbed 'SessionReaper') in Adobe Commerce and Magento Open Source. The flaw may allow attackers to take over customer accounts or achieve unauthenticated remote code execution (RCE) under certain conditions (e.g., file-based session storage). Over 250 exploitation attempts were blocked on Wednesday, with expectations of mass exploitation within 48 hours due to public exploit details. Only 38% of Magento stores are patched, leaving a majority vulnerable. Attack payloads include PHP webshells and phpinfo probes.

Date Detected: 2025-09-11

Date Publicly Disclosed: 2025-09-11

Type: Vulnerability Exploitation

Attack Vector: Network-Based, Exploitation of Public-Facing Application

Vulnerability Exploited: CVE-2025-54236 (SessionReaper), Type: Improper Input Validation

CVSS Score: None

Affected Versions: Adobe Commerce/Magento Open Source 2.4.9-alpha2 and earlier, 2.4.8-p2 and earlier, 2.4.7-p7 and earlier, 2.4.6-p12 and earlier, 2.4.5-p14 and earlier, 2.4.4-p15 and earlier; Adobe Commerce B2B 1.5.3-alpha2 and earlier, 1.5.2-p2 and earlier, 1.4.2-p7 and earlier, 1.3.4-p14 and earlier, 1.3.3-p15 and earlier

Patch Available: True (Patch Release Date: 2025-09-09)

Patch Leaked Prior: True

Exploit Publicly Available: True

Motivation: Opportunistic, Financial Gain (Potential), Data Theft (Potential), Unauthorized Access

Incident : Vulnerability Exploitation

Title: Exploitation of CVE-2025-54236 (SessionReaper) in Adobe Commerce and Magento Open Source Platforms

Description: Threat actors are exploiting a critical improper input validation flaw (CVE-2025-54236, CVSS score: 9.1) in Adobe Commerce and Magento Open Source platforms to take over customer accounts via the Commerce REST API. Over 250 attack attempts have been recorded in the past 24 hours, with 62% of Magento stores remaining vulnerable six weeks after patch disclosure. Attacks involve dropping PHP webshells or probing phpinfo to extract PHP configuration. The vulnerability, dubbed 'SessionReaper,' was responsibly disclosed by researcher Blaklis and patched by Adobe last month. Exploitation is now confirmed in-the-wild, with IP addresses linked to malicious activity. A related deserialization flaw, CosmicSting (CVE-2024-34102), was widely exploited in July 2024.

Type: Vulnerability Exploitation

Attack Vector: Improper Input Validation, Deserialization Flaw, REST API Exploitation, PHP Webshell Deployment

Vulnerability Exploited: CVE-2025-54236 (SessionReaper), CVE-2024-34102 (CosmicSting)

Threat Actor: Unknown

Motivation: Unauthorized Access, Data Theft, Potential Financial Gain, Reconnaissance

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through: Critical Vulnerability (CVE-2024-34102); CosmicSting vulnerability (CVE-2024-34102); Exploiting CVE-2025-54236 via REST API; Commerce REST API (CVE-2025-54236); PHP File Upload ('/customer/address_file/upload').

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach, Malware ADO000100724

Data Compromised: Passwords, Cryptographic Keys, Customer Data

Systems Affected: Adobe Commerce and Magento Stores

Brand Reputation Impact: Severe

Payment Information Risk: High

Incident : Security Breach ADO000101024

Financial Loss: Widespread financial losses

Data Compromised: Sensitive customer and merchant data

Systems Affected: Over 4,000 Adobe Commerce and Magento stores

Brand Reputation Impact: Impact on major brands

Payment Information Risk: Payment skimmers deployed

Incident : Vulnerability Disclosure ADO1892518090925

Data Compromised: Potential customer account data (if exploited)

Systems Affected: Adobe Commerce, Magento Open Source (default file-system session storage configurations)

Operational Impact: Potential disruption of custom/external code due to patch, Urgent patching required

Brand Reputation Impact: High (due to severity of vulnerability and historical context)

Identity Theft Risk: High (if accounts are compromised)

Incident : Vulnerability Exploitation ADO0402304102325

Data Compromised: Potential customer account data (session hijacking)

Systems Affected: Adobe Commerce (Magento) Platforms (Versions: 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier)

Operational Impact: Risk of Account Takeovers, Unauthorized Access to Customer Sessions

Brand Reputation Impact: High (Due to Widespread Vulnerability and Active Exploitation)

Identity Theft Risk: High (If Customer Sessions Compromised)

Payment Information Risk: Potential (If Session Data Includes Payment Tokens)

Incident : Vulnerability Exploitation ADO5132051102325

Data Compromised: Potential customer account takeover, Potential sensitive data exposure (if RCE achieved)

Systems Affected: Adobe Commerce, Magento Open Source

Operational Impact: Increased Risk of Compromise, Urgent Patching Required, Incident Response Activation

Brand Reputation Impact: Potential Reputation Damage if Breached

Identity Theft Risk: High (if customer accounts compromised)

Payment Information Risk: Potential (if RCE leads to database access)

Incident : Vulnerability Exploitation ADO0092800102325

Data Compromised: Customer account data (potential)

Systems Affected: Adobe Commerce Platforms, Magento Open Source Platforms

Operational Impact: Account Takeover Risk, Unauthorized Access to Customer Data

Brand Reputation Impact: Potential Loss of Trust Due to Unpatched Vulnerabilities

Identity Theft Risk: High (Due to Account Takeover Capabilities)

What is the average financial loss per incident ?

Average Financial Loss: The average financial loss per incident is $0.00.

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Passwords, Cryptographic Keys, Customer Data, Sensitive customer and merchant data, Session Data (Potential), Customer Account Access (If Exploited), Potential: Customer Account Credentials, Session Data, Sensitive Information (If RCE Achieved), and Customer Account Credentials (Potential).

Which entities were affected by each incident ?

Incident : Data Breach, Malware ADO000100724

Entity Name: Ray-Ban

Entity Type: Retail

Industry: Eyewear

Incident : Data Breach, Malware ADO000100724

Entity Name: Cisco

Entity Type: Technology

Industry: Networking

Incident : Security Breach ADO000101024

Entity Name: Ray-Ban

Entity Type: Company

Industry: Retail

Incident : Security Breach ADO000101024

Entity Name: National Geographic

Entity Type: Company

Industry: Media

Incident : Security Breach ADO000101024

Entity Name: Cisco

Entity Type: Company

Industry: Technology

Incident : Security Breach ADO000101024

Entity Name: Whirlpool

Entity Type: Company

Industry: Manufacturing

Incident : Security Breach ADO000101024

Entity Name: Segway

Entity Type: Company

Industry: Technology

Incident : Vulnerability Disclosure ADO1892518090925

Entity Name: Adobe

Entity Type: Software Vendor

Industry: Technology

Location: Global

Size: Large Enterprise

Customers Affected: Selected Adobe Commerce and Magento Open Source customers (exact number undisclosed)

Incident : Vulnerability Exploitation ADO0402304102325

Entity Name: Adobe Commerce (Magento) Users

Entity Type: E-Commerce Platforms, Online Stores

Industry: Retail/E-Commerce

Location: Global

Incident : Vulnerability Exploitation ADO5132051102325

Entity Name: Adobe (Adobe Commerce)

Entity Type: Software Vendor

Industry: Technology

Location: Global

Size: Large Enterprise

Incident : Vulnerability Exploitation ADO5132051102325

Entity Name: Multiple Magento Open Source Users

Entity Type: E-commerce Businesses, Online Retailers

Industry: Retail

Location: Global

Size: SMB, Enterprise

Customers Affected: Potentially all unpatched stores (62% as of report)

Incident : Vulnerability Exploitation ADO0092800102325

Entity Name: Adobe Commerce Users

Entity Type: E-commerce Platform

Industry: Retail/E-commerce

Location: Global

Incident : Vulnerability Exploitation ADO0092800102325

Entity Name: Magento Open Source Users

Entity Type: E-commerce Platform

Industry: Retail/E-commerce

Location: Global

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Security Breach ADO000101024

Remediation Measures: Adobe's critical update and warnings

Incident : Vulnerability Disclosure ADO1892518090925

Incident Response Plan Activated: True

Third Party Assistance: Sansec (Research And Advisory).

Containment Measures: WAF rule deployed for Adobe Commerce on Cloud customers, Emergency patch release

Remediation Measures: Patch deployment (disables internal Magento functionality), Updated REST API documentation

Communication Strategy: Direct notifications to selected customers (2025-09-04), Public security bulletin, Urgent patching advisory

Adaptive Behavioral WAF: Deployed for Adobe Commerce on Cloud as interim mitigation

Incident : Vulnerability Exploitation ADO0402304102325

Incident Response Plan Activated: Sansec Shield Detection/Blocking

Third Party Assistance: Sansec (Detection/Analysis), Searchlight Cyber (Technical Analysis).

Containment Measures: Blocking Exploitation Attempts (Sansec Shield), Patching Vulnerability (Recommended)

Remediation Measures: Apply Adobe Security Update, Mitigations per Adobe Advisory

Communication Strategy: Public Advisory by Adobe (2025-09-08), Sansec Bulletin, Searchlight Cyber Technical Analysis

Enhanced Monitoring: Sansec Shield (Ongoing Detection)

Incident : Vulnerability Exploitation ADO5132051102325

Incident Response Plan Activated: True

Third Party Assistance: Sansec, Assetnote/Searchlight Cyber.

Containment Measures: Blocking Exploit Attempts (250+ blocked), IP Blacklisting

Remediation Measures: Apply Adobe Hotfix (released 2025-09-09), Upgrade to Latest Secure Version, Scan for Signs of Compromise

Communication Strategy: Public Advisory by Sansec, Technical Deep-Dive by Assetnote, Urgent Patching Recommendations

Enhanced Monitoring: Monitor for Exploitation Attempts, Scan for Webshells/phpinfo Probes

Incident : Vulnerability Exploitation ADO0092800102325

Third Party Assistance: Sansec (Warning & Analysis), Searchlight Cyber (Technical Analysis).

Containment Measures: Urgent Patch Application Recommended

Remediation Measures: Apply Adobe Security Updates, Monitor for PHP Webshells, Restrict Access to '/customer/address_file/upload'

Communication Strategy: Public Advisory by Sansec, Revised Adobe Security Bulletin

Enhanced Monitoring: Monitor for Attacks from Known Malicious IPs

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Sansec Shield Detection/Blocking.

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Sansec (research and advisory); Sansec (Detection/Analysis), Searchlight Cyber (Technical Analysis); Sansec, Assetnote/Searchlight Cyber; Sansec (Warning & Analysis), Searchlight Cyber (Technical Analysis).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach, Malware ADO000100724

Type of Data Compromised: Passwords, Cryptographic Keys, Customer Data

Sensitivity of Data: High

Data Exfiltration: Yes

Personally Identifiable Information: Yes

Incident : Security Breach ADO000101024

Type of Data Compromised: Sensitive customer and merchant data

Sensitivity of Data: High

Incident : Vulnerability Exploitation ADO0402304102325

Type of Data Compromised: Session data (potential), Customer account access (if exploited)

Sensitivity of Data: High (If Sessions Include PII or Payment Data)

Data Exfiltration: Potential (Via PHP Webshells or Probes)

Personally Identifiable Information: Potential (If Session Data Includes PII)

Incident : Vulnerability Exploitation ADO5132051102325

Type of Data Compromised: Potential: customer account credentials, Session data, Sensitive information (if RCE achieved)

Sensitivity of Data: High (if PII or payment data accessed)

Data Exfiltration: Potential (if RCE achieved)

File Types Exposed: Potential: PHP files (webshells), Session files, Database dumps (if RCE)

Personally Identifiable Information: Potential (if customer accounts compromised)

Incident : Vulnerability Exploitation ADO0092800102325

Type of Data Compromised: Customer account credentials (potential)

Sensitivity of Data: High (Account Takeover Risk)

Data Exfiltration: PHP Configuration Information (via phpinfo Probing)

File Types Exposed: PHP Webshells

Personally Identifiable Information: Potential (If Accounts Compromised)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Adobe's critical update and warnings; Patch deployment (disables internal Magento functionality), Updated REST API documentation; Apply Adobe Security Update, Mitigations per Adobe Advisory; Apply Adobe Hotfix (released 2025-09-09), Upgrade to Latest Secure Version, Scan for Signs of Compromise; Apply Adobe Security Updates, Monitor for PHP Webshells, Restrict Access to '/customer/address_file/upload'.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through a WAF rule deployed for Adobe Commerce on Cloud customers, emergency patch release, blocking exploitation attempts (Sansec Shield), patching the vulnerability (recommended), blocking exploit attempts (250+ blocked), IP blacklisting, and urgent patch application (recommended).

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Vulnerability Exploitation ADO5132051102325

Regulatory Notifications: Potential GDPR/CCPA Notifications if PII Breached

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Vulnerability Disclosure ADO1892518090925

Lessons Learned: Critical vulnerabilities in widely used e-commerce platforms can have severe, automated exploitation risks. Proactive patching and interim mitigations (e.g., WAF rules) are essential for high-severity flaws. Leaked hotfixes can accelerate threat actor exploit development, emphasizing the need for rapid response. Default configurations (e.g., file-system session storage) can amplify vulnerability impact.

Incident : Vulnerability Exploitation ADO0402304102325

Lessons Learned: Critical vulnerabilities in widely used e-commerce platforms can lead to rapid, large-scale exploitation if left unpatched. Default configurations (e.g., file-system session storage) can exacerbate risk. Slow patch adoption (62% unpatched after 6 weeks) highlights the need for automated update mechanisms or stricter enforcement.

Incident : Vulnerability Exploitation ADO5132051102325

Lessons Learned: Critical vulnerabilities in widely-used e-commerce platforms are prime targets for mass exploitation. Delayed patching significantly increases risk (only 38% patched at time of attacks). Public disclosure of exploit details accelerates attacker activity (mass exploitation expected within 48 hours). File-based session storage introduces higher risk of RCE in this vulnerability.

Incident : Vulnerability Exploitation ADO0092800102325

Lessons Learned: Delayed patching increases exploitation risk, as seen with 62% of Magento stores remaining vulnerable six weeks post-disclosure. Deserialization flaws in e-commerce platforms are high-value targets for threat actors, requiring prioritized remediation. Public PoC exploits accelerate attack timelines, necessitating proactive monitoring and defense-in-depth strategies.

What recommendations were made to prevent future incidents ?

Incident : Vulnerability Disclosure ADO1892518090925

Recommendations: Immediately apply the Adobe-provided patch for CVE-2025-54236. Test the patch in staging environments to identify potential disruptions to custom/external code. Monitor for unusual REST API activity or session anomalies. Review and harden session storage configurations (avoid default file-system storage if possible). Follow Adobe’s updated REST API documentation for secure implementation practices. Consider deploying WAF rules or behavioral protection for on-premise installations.

Incident : Vulnerability Exploitation ADO0402304102325

Recommendations: Immediately apply Adobe's security patch for CVE-2025-54236. Audit session storage configurations; avoid file-system storage if possible. Deploy WAF rules or intrusion detection (e.g., Sansec Shield) to block exploitation attempts. Monitor for unusual REST API activity or PHP webshell artifacts. Educate customers on recognizing unauthorized account access.

Incident : Vulnerability Exploitation ADO5132051102325

Recommendations: Immediately apply the Adobe hotfix or upgrade to the latest secure version of Adobe Commerce/Magento Open Source. Audit session storage configurations (prioritize moving away from file-based storage if possible). Monitor for indicators of compromise (e.g., PHP webshells, unusual phpinfo requests). Block known malicious IPs associated with exploitation attempts (shared by Sansec). Enable WAF rules to detect and block SessionReaper exploitation patterns. Conduct a thorough review of customer accounts for signs of unauthorized access. Educate customers on phishing risks, as compromised accounts may be used for further attacks.

Incident : Vulnerability Exploitation ADO0092800102325

Recommendations: Immediately apply Adobe’s security patches for CVE-2025-54236 and CVE-2024-34102. Monitor network traffic for connections to/from the identified malicious IP addresses (34.227.25[.]4, 44.212.43[.]34, 54.205.171[.]35, 155.117.84[.]134, 159.89.12[.]166). Audit PHP upload directories (e.g., '/customer/address_file/upload') for unauthorized webshells or backdoors. Implement Web Application Firewalls (WAFs) with rules to detect and block exploitation attempts targeting REST APIs. Conduct regular vulnerability scans and penetration testing for e-commerce platforms, prioritizing deserialization and input validation flaws. Educate developers on secure coding practices to mitigate improper input validation and deserialization risks.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Critical vulnerabilities in widely used e-commerce platforms can have severe, automated exploitation risks. Proactive patching and interim mitigations (e.g., WAF rules) are essential for high-severity flaws. Leaked hotfixes can accelerate threat actor exploit development, emphasizing the need for rapid response. Default configurations (e.g., file-system session storage) can amplify vulnerability impact. Critical vulnerabilities in widely used e-commerce platforms can lead to rapid, large-scale exploitation if left unpatched. Default configurations (e.g., file-system session storage) can exacerbate risk. Slow patch adoption (62% unpatched after 6 weeks) highlights the need for automated update mechanisms or stricter enforcement. Critical vulnerabilities in widely-used e-commerce platforms are prime targets for mass exploitation. Delayed patching significantly increases risk (only 38% patched at time of attacks). Public disclosure of exploit details accelerates attacker activity (mass exploitation expected within 48 hours). File-based session storage introduces higher risk of RCE in this vulnerability. Delayed patching increases exploitation risk, as seen with 62% of Magento stores remaining vulnerable six weeks post-disclosure. Deserialization flaws in e-commerce platforms are high-value targets for threat actors, requiring prioritized remediation. Public PoC exploits accelerate attack timelines, necessitating proactive monitoring and defense-in-depth strategies.

References

Where can I find more information about each incident ?

Incident : Vulnerability Disclosure ADO1892518090925

Source: Sansec Advisory on SessionReaper

Incident : Vulnerability Disclosure ADO1892518090925

Source: Adobe Security Bulletin for CVE-2025-54236

Incident : Vulnerability Disclosure ADO1892518090925

Source: Adobe Commerce REST API Documentation Updates

Incident : Vulnerability Exploitation ADO0402304102325

Source: Adobe Security Bulletin (CVE-2025-54236)

Date Accessed: 2025-09-08

Incident : Vulnerability Exploitation ADO0402304102325

Source: Sansec Bulletin on SessionReaper Exploitation

Date Accessed: 2025-10-20 (approx., 6 weeks post-patch)

Incident : Vulnerability Exploitation ADO0402304102325

Source: Searchlight Cyber Technical Analysis

Date Accessed: 2025-10-20 (approx.)

Incident : Vulnerability Exploitation ADO5132051102325

Source: Sansec Research Advisory

Date Accessed: 2025-09-11

Incident : Vulnerability Exploitation ADO5132051102325

Source: Assetnote/Searchlight Cyber Technical Deep-Dive by Tomais Williamson

Date Accessed: 2025-09-11

Incident : Vulnerability Exploitation ADO5132051102325

Source: Adobe Security Bulletin for CVE-2025-54236

Date Accessed: 2025-09-09

Incident : Vulnerability Exploitation ADO0092800102325

Source: Sansec Advisory on CVE-2025-54236 Exploitation

Incident : Vulnerability Exploitation ADO0092800102325

Source: Adobe Security Bulletin for CVE-2025-54236

Incident : Vulnerability Exploitation ADO0092800102325

Source: Searchlight Cyber Technical Analysis of CVE-2025-54236

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices in the sources listed under References above: the Sansec advisories and bulletins on SessionReaper and CVE-2025-54236 exploitation, the Adobe Security Bulletins for CVE-2025-54236, the Adobe Commerce REST API documentation updates, and the Searchlight Cyber/Assetnote technical analyses (dates accessed as given in the list above).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Vulnerability Disclosure ADO1892518090925

Investigation Status: Ongoing (no active exploitation observed as of disclosure)

Incident : Vulnerability Exploitation ADO0402304102325

Investigation Status: Ongoing (Active Exploitation Confirmed; Patch Adoption Monitored)

Incident : Vulnerability Exploitation ADO5132051102325

Investigation Status: Ongoing (active exploitation attempts being monitored)

Incident : Vulnerability Exploitation ADO0092800102325

Investigation Status: Ongoing (Active Exploitation Confirmed)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Direct Notifications To Selected Customers (2025-09-04), Public Security Bulletin, Urgent Patching Advisory, Public Advisory By Adobe (2025-09-08), Sansec Bulletin, Searchlight Cyber Technical Analysis, Public Advisory By Sansec, Technical Deep-Dive By Assetnote, Urgent Patching Recommendations, Public Advisory By Sansec and Revised Adobe Security Bulletin.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Vulnerability Disclosure ADO1892518090925

Stakeholder Advisories: Adobe notified selected Commerce customers on 2025-09-04 about the upcoming patch. Public advisory issued with patch release on 2025-09-09.

Customer Advisories:
- Urgent recommendation to apply the patch immediately.
- Warning about potential custom code breakage due to disabled internal functionality.
- Guidance to test the patch in non-production environments first.

Incident : Vulnerability Exploitation ADO0402304102325

Stakeholder Advisories:
- Adobe Commerce administrators: urgent patching required.
- E-commerce security teams: monitor for indicators of compromise (IoCs) tied to the 5 attacker IPs.
- Customers: watch for unauthorized account activity.

Customer Advisories: Users of Adobe Commerce/Magento stores should:
- Change passwords if suspicious activity is detected.
- Enable multi-factor authentication (MFA) where available.
- Monitor transaction histories for fraud.

Incident : Vulnerability Exploitation ADO5132051102325

Stakeholder Advisories: Urgent patching recommended for all Adobe Commerce/Magento Open Source users.

Customer Advisories:
- Monitor accounts for unauthorized activity.
- Report suspicious login attempts.

Incident : Vulnerability Exploitation ADO0092800102325

Stakeholder Advisories: Adobe Security Bulletin Update, Sansec Public Warning.

Customer Advisories: Urgent Patch Notification for Magento/Adobe Commerce Users

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident:
- Adobe notified selected Commerce customers on 2025-09-04 about the upcoming patch.
- Public advisory issued with patch release on 2025-09-09.
- Urgent recommendation to apply the patch immediately.
- Warning about potential custom code breakage due to disabled internal functionality.
- Guidance to test the patch in non-production environments first.
- Adobe Commerce administrators: urgent patching required.
- E-commerce security teams: monitor for indicators of compromise (IoCs) tied to the 5 attacker IPs.
- Customers: watch for unauthorized account activity.
- Users of Adobe Commerce/Magento stores should change passwords if suspicious activity is detected, enable multi-factor authentication (MFA) where available, and monitor transaction histories for fraud.
- Urgent patching recommended for all Adobe Commerce/Magento Open Source users.
- Monitor accounts for unauthorized activity.
- Report suspicious login attempts.
- Adobe Security Bulletin update.
- Sansec public warning.
- Urgent patch notification for Magento/Adobe Commerce users.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach, Malware ADO000100724

Entry Point: Critical Vulnerability (CVE-2024-34102)

Incident : Security Breach ADO000101024

Entry Point: CosmicSting vulnerability (CVE-2024-34102)

Backdoors Established: Backdoors installed

High Value Targets: Major brands

Data Sold on Dark Web: Major brands

Incident : Vulnerability Exploitation ADO0402304102325

Entry Point: Exploiting CVE-2025-54236 via the REST API

Reconnaissance Period: Likely minimal (opportunistic scans for unpatched systems)

Backdoors Established: PHP webshells (observed in attacks)

High Value Targets: Customer session data, payment information (if accessible)

Data Sold on Dark Web: Customer session data, payment information (if accessible)

Incident : Vulnerability Exploitation ADO0092800102325

Entry Point: Commerce REST API (CVE-2025-54236), PHP file upload ('/customer/address_file/upload')

Backdoors Established: PHP webshells

High Value Targets: Customer account data, PHP configuration information

Data Sold on Dark Web: Customer account data, PHP configuration information

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach, Malware ADO000100724

Root Causes: Critical Vulnerability (CVE-2024-34102)

Incident : Vulnerability Disclosure ADO1892518090925

Root Causes:
- Vulnerability in session handling via the Commerce REST API (CVE-2025-54236).
- Default configuration storing session data on the file system (common across most stores).
- Potential leak of the initial hotfix accelerating exploit development.

Corrective Actions:
- Patch deployment to disable vulnerable internal functionality.
- WAF rule deployment for cloud customers as interim mitigation.
- Documentation updates for secure REST API usage.

Incident : Vulnerability Exploitation ADO0402304102325

Root Causes:
- Improper input validation in the Adobe Commerce REST API (CVE-2025-54236).
- Default insecure session storage configuration (file system).
- Delayed patch adoption by store administrators.

Corrective Actions:
- Adobe: release emergency patch and public advisory.
- Sansec: deploy detection rules and block exploitation attempts.
- Store administrators: apply patches, reconfigure session storage, and monitor for IoCs.

Incident : Vulnerability Exploitation ADO5132051102325

Root Causes:
- Improper input validation in session handling (CVE-2025-54236).
- Delayed patching by the majority of users (62% unpatched at time of attacks).
- File-based session storage increasing severity to RCE in some configurations.

Corrective Actions:
- Apply security patches promptly upon release.
- Review and harden session storage mechanisms.
- Implement network-level protections (e.g., WAF rules) for critical vulnerabilities.
- Enhance monitoring for exploitation attempts post-disclosure.

Incident : Vulnerability Exploitation ADO0092800102325

Root Causes:
- Improper input validation in the Adobe Commerce REST API (CVE-2025-54236).
- Delayed patch application by 62% of Magento stores post-disclosure.
- Lack of sufficient monitoring for deserialization-based attacks in e-commerce platforms.

Corrective Actions:
- Mandatory patch enforcement for critical vulnerabilities in Adobe Commerce/Magento.
- Enhanced API security controls (e.g., input validation, rate limiting).
- Automated vulnerability management for e-commerce platforms with SLAs for patching.
- Threat intelligence sharing to preempt exploitation of newly disclosed flaws.

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as: Sansec (research and advisory); Sansec (detection/analysis) and Searchlight Cyber (technical analysis); Sansec Shield (ongoing detection); Sansec and Assetnote/Searchlight Cyber; monitoring for exploitation attempts and scanning for webshells/phpinfo probes; Sansec (warning & analysis) and Searchlight Cyber (technical analysis); and monitoring for attacks from known malicious IPs.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis:
- Patch deployment to disable vulnerable internal functionality.
- WAF rule deployment for cloud customers as interim mitigation.
- Documentation updates for secure REST API usage.
- Adobe: release emergency patch and public advisory.
- Sansec: deploy detection rules and block exploitation attempts.
- Store administrators: apply patches, reconfigure session storage, and monitor for IoCs.
- Apply security patches promptly upon release.
- Review and harden session storage mechanisms.
- Implement network-level protections (e.g., WAF rules) for critical vulnerabilities.
- Enhance monitoring for exploitation attempts post-disclosure.
- Mandatory patch enforcement for critical vulnerabilities in Adobe Commerce/Magento.
- Enhanced API security controls (e.g., input validation, rate limiting).
- Automated vulnerability management for e-commerce platforms with SLAs for patching.
- Threat intelligence sharing to preempt exploitation of newly disclosed flaws.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was unknown.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2025-09-08.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-09-11.

What was the most recent incident resolved ?

Most Recent Incident Resolved: The most recent incident resolved was on 2025-09-09.

Impact of the Incidents

What was the highest financial loss from an incident ?

Highest Financial Loss: The highest financial loss from an incident was Widespread financial losses.

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were: passwords; cryptographic keys; customer data; sensitive customer and merchant data; potential customer account data (if exploited); potential customer account data (session hijacking); potential customer account takeover; potential sensitive data exposure (if RCE achieved); and customer account data (potential).

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were: Adobe Commerce and Magento Open Source (default file-system session storage configurations); Adobe Commerce (Magento) platforms (versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier); Adobe Commerce and Magento Open Source; and Adobe Commerce and Magento Open Source platforms.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Sansec (research and advisory); Sansec (detection/analysis) and Searchlight Cyber (technical analysis); Sansec and Assetnote/Searchlight Cyber; and Sansec (warning & analysis) and Searchlight Cyber (technical analysis).

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were: a WAF rule deployed for Adobe Commerce on Cloud customers and an emergency patch release; blocking exploitation attempts (Sansec Shield) and patching the vulnerability (recommended); blocking exploit attempts (250+ blocked) and IP blacklisting; and urgent patch application recommended.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Passwords, Cryptographic Keys, Customer Data, Potential Customer Account Takeover, Potential Customer Account Data (Session Hijacking), Potential Sensitive Data Exposure (if RCE achieved), Customer Account Data (Potential), Sensitive customer and merchant data and Potential Customer Account Data (if exploited).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Public PoC exploits accelerate attack timelines, necessitating proactive monitoring and defense-in-depth strategies.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were:
- Educate developers on secure coding practices to mitigate improper input validation and deserialization risks.
- Conduct a thorough review of customer accounts for signs of unauthorized access.
- Enable WAF rules to detect and block SessionReaper exploitation patterns.
- Implement Web Application Firewalls (WAFs) with rules to detect and block exploitation attempts targeting REST APIs.
- Monitor for indicators of compromise (e.g., PHP webshells, unusual phpinfo requests).
- Block known malicious IPs associated with exploitation attempts (shared by Sansec).
- Immediately apply Adobe's security patches for CVE-2025-54236 and CVE-2024-34102.
- Conduct regular vulnerability scans and penetration testing for e-commerce platforms, prioritizing deserialization and input validation flaws.
- Test the patch in staging environments to identify potential disruptions to custom/external code.
- Audit PHP upload directories (e.g., '/customer/address_file/upload') for unauthorized webshells or backdoors.
- Audit session storage configurations (prioritize moving away from file-based storage if possible).
- Monitor network traffic for connections to/from the identified malicious IP addresses (34.227.25[.]4, 44.212.43[.]34, 54.205.171[.]35, 155.117.84[.]134, 159.89.12[.]166).
- Immediately apply the Adobe-provided patch for CVE-2025-54236.
- Educate customers on recognizing unauthorized account access.
- Immediately apply the Adobe hotfix or upgrade to the latest secure version of Adobe Commerce/Magento Open Source.
- Consider deploying WAF rules or behavioral protection for on-premise installations.
- Audit session storage configurations; avoid file-system storage if possible.
- Follow Adobe's updated REST API documentation for secure implementation practices.
- Deploy WAF rules or intrusion detection (e.g., Sansec Shield) to block exploitation attempts.
- Review and harden session storage configurations (avoid default file-system storage if possible).
- Monitor for unusual REST API activity or PHP webshell artifacts.
- Educate customers on phishing risks, as compromised accounts may be used for further attacks.
- Monitor for unusual REST API activity or session anomalies.
- Immediately apply Adobe's security patch for CVE-2025-54236.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident are Sansec Advisory on SessionReaper, Searchlight Cyber Technical Analysis of CVE-2025-54236, Assetnote/Searchlight Cyber Technical Deep-Dive by Tomais Williamson, Searchlight Cyber Technical Analysis, Sansec Bulletin on SessionReaper Exploitation, Adobe Security Bulletin for CVE-2025-54236, Adobe Commerce REST API Documentation Updates, Adobe Security Bulletin (CVE-2025-54236), Sansec Advisory on CVE-2025-54236 Exploitation and Sansec Research Advisory.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (no active exploitation observed as of disclosure).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were: Adobe notified selected Commerce customers on 2025-09-04 about the upcoming patch; public advisory issued with patch release on 2025-09-09; Adobe Commerce administrators: urgent patching required; e-commerce security teams: monitor for indicators of compromise (IoCs) tied to the 5 attacker IPs; customers: watch for unauthorized account activity; urgent patching recommended for all Adobe Commerce/Magento Open Source users; Adobe Security Bulletin update; and Sansec public warning.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were:
- Urgent recommendation to apply the patch immediately; warning about potential custom code breakage due to disabled internal functionality; guidance to test the patch in non-production environments first.
- Users of Adobe Commerce/Magento stores should change passwords if suspicious activity is detected, enable multi-factor authentication (MFA) where available, and monitor transaction histories for fraud.
- Monitor accounts for unauthorized activity; report suspicious login attempts.
- Urgent patch notification for Magento/Adobe Commerce users.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry points used by an initial access broker were the CosmicSting vulnerability (CVE-2024-34102) and a critical vulnerability (CVE-2024-34102).

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Likely minimal (Opportunistic scans for unpatched systems).

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were:
- Critical vulnerability (CVE-2024-34102).
- Vulnerability in session handling via the Commerce REST API (CVE-2025-54236); default configuration storing session data on the file system (common across most stores); potential leak of the initial hotfix accelerating exploit development.
- Improper input validation in the Adobe Commerce REST API (CVE-2025-54236); default insecure session storage configuration (file system); delayed patch adoption by store administrators.
- Improper input validation in session handling (CVE-2025-54236); delayed patching by the majority of users (62% unpatched at time of attacks); file-based session storage increasing severity to RCE in some configurations.
- Improper input validation in the Adobe Commerce REST API (CVE-2025-54236); delayed patch application by 62% of Magento stores post-disclosure; lack of sufficient monitoring for deserialization-based attacks in e-commerce platforms.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were:
- Patch deployment to disable vulnerable internal functionality; WAF rule deployment for cloud customers as interim mitigation; documentation updates for secure REST API usage.
- Adobe: release emergency patch and public advisory; Sansec: deploy detection rules and block exploitation attempts; store administrators: apply patches, reconfigure session storage, and monitor for IoCs.
- Apply security patches promptly upon release; review and harden session storage mechanisms; implement network-level protections (e.g., WAF rules) for critical vulnerabilities; enhance monitoring for exploitation attempts post-disclosure.
- Mandatory patch enforcement for critical vulnerabilities in Adobe Commerce/Magento; enhanced API security controls (e.g., input validation, rate limiting); automated vulnerability management for e-commerce platforms with SLAs for patching; threat intelligence sharing to preempt exploitation of newly disclosed flaws.

cve

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a credential leak by app logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking whether a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL instead starts with a protocol-relative prefix (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or as fully qualified, trusted absolute URLs.

Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=adobe-commerce' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.