Urgent Security Alert: Hundreds of Adobe Commerce and Magento Stores Targeted by Active Attacks
A critical security vulnerability is being actively exploited by threat actors, placing hundreds of Adobe Commerce and Magento e-commerce stores at significant risk. This widespread campaign is leveraging a newly identified flaw to inject malicious code, steal sensitive customer data, and potentially take complete control of affected websites. Store owners and administrators must take immediate action to protect their businesses and their customers.
The vulnerability, tracked as CVE-2025-54236, is a severe security flaw that allows attackers to bypass security measures and execute arbitrary code on a server. This type of vulnerability is particularly dangerous because it can be exploited remotely without requiring any authentication, meaning attackers can target vulnerable stores automatically and at scale.
The Goal of the Attacks: Data Theft and Backdoors
Security researchers have documented over 250 separate attacks specifically targeting this vulnerability. The primary objective for these cybercriminals appears to be financial gain through credit card skimming. Attackers are injecting malicious scripts, often referred to as “skimmers,” into the checkout pages of compromised stores. These scripts silently capture customer payment information—including credit card numbers, names, and CVV codes—as it’s entered and send it directly to servers controlled by the attackers.
In addition to data theft, attackers are also using the exploit to:
- Install malicious backdoors: This allows them to maintain persistent access to the server even if the initial vulnerability is patched.
- Create unauthorized admin accounts: Giving them full control over the e-commerce store’s operations, products, and customer data.
- Redirect website traffic: Sending potential customers to fraudulent or malicious websites.
The consequences of a successful attack are severe, leading to significant financial loss, damage to your brand’s reputation, and loss of customer trust.
How to Protect Your E-commerce Store Immediately
If you are running a store on Adobe Commerce or Magento, inaction is not an option. The threat is active, and automated scans are likely already searching for unpatched websites. Follow these critical steps to secure your platform now.
1. Apply the Latest Security Patches from Adobe
This is the single most important step you can take. Adobe has released security updates to address CVE-2025-54236. Update your platform to the latest patched version immediately. Postponing this update leaves your store exposed to automated attacks that are currently underway.
2. Scan Your System for Indicators of Compromise (IOCs)
Even after patching, you must check if your store has already been compromised. Look for recently modified core files, suspicious new files (especially in media or temporary directories), and any unrecognized administrative user accounts. A thorough code and database audit is highly recommended to search for malicious scripts or injected code.
3. Deploy a Web Application Firewall (WAF)
A properly configured WAF can provide a crucial layer of defense by blocking malicious requests before they ever reach your website. A WAF can help filter and monitor traffic, offering protection against a wide range of exploits, including attempts to leverage this specific vulnerability.
4. Review and Harden User Access Controls
Ensure that all user accounts, especially those with administrative privileges, are secured with strong, unique passwords and two-factor authentication (2FA). Limit file and directory permissions to the minimum required for the platform to function, preventing unauthorized code from being executed.
5. Ensure You Have Recent, Clean Backups
Maintain a regular backup schedule for both your website files and your database. Store these backups in a secure, off-site location. In a worst-case scenario where a compromise is detected, having a clean backup will be essential for a swift and effective recovery.
The current wave of attacks serves as a stark reminder that proactive security is essential for any e-commerce business. By taking these decisive steps, you can protect your store, secure your customer data, and maintain the integrity of your online operations.
Source: https://securityaffairs.com/183754/hacking/over-250-attacks-hit-adobe-commerce-and-magento-via-critical-cve-2025-54236-flaw.html
