Executive Summary
In October 2025, over 250 Magento and Adobe Commerce online stores were compromised in less than 24 hours after attackers exploited a newly disclosed critical vulnerability, CVE-2025-54236 (CVSS 9.1). The flaw, stemming from improper input validation, allowed threat actors to compromise e-commerce shops directly via their web applications, enabling unauthorized access, data exfiltration, and potential payment card theft. Security researchers observed an automated wave of exploitation attempts soon after public disclosure, underlining how rapidly threat actors weaponize emerging vulnerabilities for financial gain and to cause operational disruption.
This incident highlights the urgent need for rapid patch management and layered web application defenses, as attackers increasingly leverage zero-day and recently disclosed vulnerabilities to target widely used commerce platforms, further increasing risks to consumer data and regulatory compliance for online retailers.
Why This Matters Now
This breach demonstrates how quickly attackers mobilize to exploit new web application vulnerabilities affecting major commerce platforms. With over 250 stores targeted overnight, the incident emphasizes the need for continuous monitoring, immediate patching, and proactive segmentation to protect customer data and maintain business continuity.
Attack Path Analysis
Attackers exploited the new CVE-2025-54236 vulnerability in Adobe Commerce and Magento stores to gain unauthorized web application access. After initial compromise, they likely leveraged application flaws to escalate privileges within the e-commerce platform or hosting environment. The adversaries moved laterally to access sensitive backend systems or databases. They established command and control by enabling malicious outbound communications or scripts from compromised resources. Exfiltration followed, with attackers exporting payment or personal data outside the environment. Finally, the attack impacted business operations through defacement, data theft, or insertion of malicious code, resulting in service disruption and reputational harm.
Kill Chain Progression
Initial Compromise
Description
Attackers exploited the critical input validation flaw (CVE-2025-54236) to gain unauthorized access to Magento web stores.
Related CVEs
CVE-2025-54236
CVSS 9.1
An improper input validation vulnerability in Adobe Commerce and Magento Open Source allows unauthenticated attackers to achieve session takeover, leading to high confidentiality and integrity impact.
Affected Products:
Adobe Commerce – 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15, and earlier
Magento Open Source (Adobe) – 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15, and earlier
Exploit Status:
Exploited in the wild
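The affected-version list above is the practical input for a patch audit: each 2.4.x branch has a ceiling release, and "and earlier" also covers every branch older than 2.4.4. The script below is an added example (not part of the advisory or Adobe's tooling) that parses Magento-style version strings, including -alphaN and -pN suffixes, compares them against those ceilings, and buckets a store inventory accordingly. It only reports whether a version is inside the listed affected set; it does not assert which later release carries the fix, because the page does not state one. The inventory hostnames and the version-string format assumption are constructed.

```python
"""Check Magento / Adobe Commerce version strings against the CVE-2025-54236
affected list quoted in the advisory. Added example; assumes the release
format "MAJOR.MINOR.PATCH[-alphaN|-betaN|-pN]" that Magento uses."""
import re
from typing import Dict, List, Optional, Tuple

# Highest affected release on each 2.4.x branch, exactly as listed under
# "Affected Products" ("... and earlier"). A version above its branch ceiling
# is simply not in the listed affected set; no fix version is claimed here.
AFFECTED_CEILINGS = {
    (2, 4, 9): "2.4.9-alpha2",
    (2, 4, 8): "2.4.8-p2",
    (2, 4, 7): "2.4.7-p7",
    (2, 4, 6): "2.4.6-p12",
    (2, 4, 5): "2.4.5-p14",
    (2, 4, 4): "2.4.4-p15",
}
OLDEST_LISTED_BRANCH = min(AFFECTED_CEILINGS)  # (2, 4, 4)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|p)(\d+))?$")
# Pre-release suffixes sort below the plain release, patch levels above it.
_SUFFIX_RANK = {"alpha": -2, "beta": -1, None: 0, "p": 1}

VersionKey = Tuple[int, int, int, int, int]


def parse_version(version: str) -> VersionKey:
    """Turn '2.4.7-p7' into a tuple that compares correctly: (2, 4, 7, 1, 7)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, kind, num = m.groups()
    return (int(major), int(minor), int(patch), _SUFFIX_RANK[kind], int(num or 0))


def is_listed_affected(version: str) -> Optional[bool]:
    """True if the version is at or below the advisory ceiling for its branch
    (or on an older branch covered by 'and earlier'), False if it is above the
    ceiling, None if the branch is newer than anything the advisory lists."""
    key = parse_version(version)
    branch = key[:3]
    if branch in AFFECTED_CEILINGS:
        return key <= parse_version(AFFECTED_CEILINGS[branch])
    if branch < OLDEST_LISTED_BRANCH:
        return True
    return None


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group store hostnames by status from a {host: version} inventory."""
    buckets: Dict[str, List[str]] = {"affected": [], "not_listed_affected": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            status = is_listed_affected(version)
        except ValueError:
            status = None  # unparseable string: needs a manual look
        if status is True:
            buckets["affected"].append(host)
        elif status is False:
            buckets["not_listed_affected"].append(host)
        else:
            buckets["unknown"].append(host)
    return buckets


# Constructed inventory, not real hosts.
SAMPLE_INVENTORY = {
    "shop-eu.example": "2.4.7-p7",
    "shop-us.example": "2.4.7-p8",
    "shop-legacy.example": "2.3.7-p4",
    "shop-staging.example": "2.4.9-alpha2",
    "shop-odd.example": "2.4",
}

if __name__ == "__main__":
    for bucket, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it the output of `bin/magento --version` or the version recorded in each store's composer metadata; anything in the `affected` bucket needs the APSB25-88 update and a review of access logs for the exploitation window, and anything in `unknown` needs a human to confirm the version by hand.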
MITRE ATT&CK® Techniques
Exploit Public-Facing Application
Command and Scripting Interpreter
Valid Accounts
Server Software Component: Web Shell
Exploitation of Remote Services
Phishing: Spearphishing Attachment
Exfiltration Over Alternative Protocol
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Install Critical Security Patches
Control ID: 6.2.4
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA (Digital Operational Resilience Act) – ICT Risk Management
Control ID: Art. 9
CISA Zero Trust Maturity Model 2.0 – Secure and Monitor Applications
Control ID: Applications Pillar - Protect
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Art. 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Retail Industry
Direct exposure to Magento/Adobe Commerce CVE-2025-54236 exploitation affecting 250+ stores overnight, requiring immediate web application security updates and egress policy enforcement.
Consumer Goods
High vulnerability through e-commerce platforms using Adobe Commerce, facing web application exploitation risks with critical need for zero trust segmentation implementation.
Fashion/Apparel
Significant threat from Magento store attacks targeting customer data, requiring enhanced threat detection, anomaly response capabilities, and PCI compliance strengthening measures.
Information Technology/IT
Critical responsibility for securing client e-commerce infrastructures against CVE-2025-54236, necessitating multicloud visibility, inline IPS deployment, and Kubernetes security enhancement.
Sources
- Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw – https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html (Verified)
- Adobe Security Bulletin APSB25-88 – https://helpx.adobe.com/security/products/magento/apsb25-88.html (Verified)
- CISA Known Exploited Vulnerabilities Catalog Entry for CVE-2025-54236 – https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-54236 (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Zero Trust controls such as microsegmentation, strict east-west policy enforcement, real-time traffic inspection, and centralized egress security would have limited attacker movement, detected anomalous activity, and blocked data exfiltration attempts. By rapidly isolating compromised workloads and enforcing least privilege, CNSF solutions can disrupt each stage of the web exploit-driven attack lifecycle.
Control: Inline IPS (Suricata)
Mitigation: Known exploit payloads or malicious signatures would be detected and blocked in real time.
Control: Zero Trust Segmentation
Mitigation: Microsegmentation restricts lateral privilege escalation paths and limits attacker escalation.
Control: East-West Traffic Security
Mitigation: Lateral attacker traffic is blocked or monitored with east-west inspection.
Control: Cloud Firewall (ACF)
Mitigation: Suspicious outbound connections are detected and blocked at the network perimeter.
Control: Egress Security & Policy Enforcement
Mitigation: Data exfiltration attempts are detected, blocked, or logged for immediate response.
Control: Anomaly Detection
Mitigation: Anomalous behaviors are rapidly detected and alerts generated for incident response.
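The east-west and egress controls above come down to one rule: a web-store tier may talk only to the destinations it needs, and everything else is denied and logged. The following is an added example, not the vendor's CNSF code, showing how such a default-deny policy is evaluated over flow records. The web-tier CIDR, the payment gateway and database addresses, the flow records and the volume threshold are all constructed; the RFC 1918 ranges are used to tell an east-west attempt from an internet egress attempt.

```python
"""Default-deny east-west / egress policy evaluation over flow records.
Added example for the controls described in the advisory; policy entries,
addresses, flows and the volume threshold are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str        # source IP (a web-tier host)
    dst: str        # destination IP
    dport: int      # destination port
    proto: str      # "tcp" or "udp"
    bytes_out: int  # bytes sent by the source in this flow


@dataclass(frozen=True)
class Rule:
    src_net: str    # CIDR the rule applies to
    dst_net: str    # CIDR the source may reach
    dport: int
    proto: str
    label: str


# Constructed allowlist for a Magento web tier in 10.20.0.0/24: only the
# payment gateway, the database tier and internal DNS are reachable.
EGRESS_POLICY: List[Rule] = [
    Rule("10.20.0.0/24", "203.0.113.10/32", 443, "tcp", "payment-gateway"),
    Rule("10.20.0.0/24", "10.30.0.5/32", 3306, "tcp", "db-tier"),
    Rule("10.20.0.0/24", "10.0.0.53/32", 53, "udp", "internal-dns"),
]

# RFC 1918 space marks "east-west" for this constructed environment.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Outbound volume per flow above which a flow is also flagged for exfiltration
# review, whether or not the destination is allowed (assumed value; tune it).
EXFIL_BYTES_THRESHOLD = 10 * 1024 * 1024


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def matching_rule(flow: Flow, policy: List[Rule]) -> Optional[Rule]:
    """First rule whose source/destination CIDRs, port and protocol all match."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    for rule in policy:
        if (src in ipaddress.ip_network(rule.src_net)
                and dst in ipaddress.ip_network(rule.dst_net)
                and flow.dport == rule.dport
                and flow.proto == rule.proto):
            return rule
    return None


def evaluate(flow: Flow, policy: List[Rule] = EGRESS_POLICY) -> Tuple[str, List[str]]:
    """Return ('allow' | 'deny', reasons). Denied flows are classified as
    east-west (internal destination) or egress (internet destination)."""
    rule = matching_rule(flow, policy)
    reasons: List[str] = []
    if rule is None:
        verdict = "deny"
        reasons.append("east-west-not-permitted" if is_internal(flow.dst) else "egress-not-permitted")
    else:
        verdict = "allow"
        reasons.append(f"allowed:{rule.label}")
    if flow.bytes_out > EXFIL_BYTES_THRESHOLD:
        reasons.append("high-volume-outbound")
    return verdict, reasons


def audit(flows: List[Flow], policy: List[Rule] = EGRESS_POLICY) -> List[Dict[str, object]]:
    results = []
    for flow in flows:
        verdict, reasons = evaluate(flow, policy)
        results.append({"flow": flow, "verdict": verdict, "reasons": reasons})
    return results


# Constructed flow records from one web-tier host.
SAMPLE_FLOWS = [
    Flow("10.20.0.7", "203.0.113.10", 443, "tcp", 4_096),         # checkout to gateway
    Flow("10.20.0.7", "10.30.0.5", 3306, "tcp", 120_000),         # queries to db tier
    Flow("10.20.0.7", "10.0.0.53", 53, "udp", 90),                # DNS lookup
    Flow("10.20.0.7", "198.51.100.77", 443, "tcp", 52_000_000),   # bulk push to unknown host
    Flow("10.20.0.7", "10.30.0.9", 22, "tcp", 800),               # SSH attempt to another tier
]

if __name__ == "__main__":
    for r in audit(SAMPLE_FLOWS):
        f = r["flow"]
        print(f"{f.src} -> {f.dst}:{f.dport}/{f.proto} {r['verdict']:5} {', '.join(r['reasons'])}")
```

The two denied records are the ones the advisory's controls are meant to catch: the large push to an address outside the allowlist is the exfiltration case, and the SSH attempt into another internal tier is the lateral-movement case. Both should generate an alert and not just a drop, since a web host that suddenly initiates either is a strong sign the application has been compromised.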
Impact at a Glance
Affected Business Functions
- E-commerce Transactions
- Customer Data Management
- Order Processing
Estimated downtime: 3 days
Estimated loss: $500,000
Potential exposure of customer personal and payment information due to session takeover.
Recommended Actions
Key Takeaways & Next Steps
- Immediately patch all Magento and Adobe Commerce instances against CVE-2025-54236 and monitor for exploitation attempts.
- Deploy inline IPS and network microsegmentation to block exploit delivery and restrict workload communications.
- Enforce strict east-west and egress network policies to limit lateral attacker movement and prevent data exfiltration.
- Leverage anomaly detection and real-time threat intelligence for rapid discovery of unauthorized activities.
- Regularly review centralized visibility and policy controls across multicloud/hybrid infrastructure to identify configuration drift or policy gaps.