Vietnam.vn - Vietnam promotion platform

Serious vulnerability causes more than 95,000 Adobe Magento servers to be attacked, Vietnamese businesses need to respond urgently

Bkav cybersecurity experts assess that Vietnam is among the countries at high risk of attack through a serious vulnerability called SessionReaper in Adobe's e-commerce platform.

Báo Nhân dân, 03/11/2025

More than 95,000 Magento (Adobe Commerce) servers worldwide are being attacked through a serious vulnerability called SessionReaper. This vulnerability allows hackers to take advantage of a user's login session to execute code remotely and take control of the entire system.

Bkav cybersecurity experts assess that Vietnam is among the countries at high risk of being attacked by this vulnerability.

Magento is an open-source e-commerce content management system (e-commerce CMS), developed by Magento Inc. Magento was first released in 2008 and has now become one of the most popular e-commerce platforms in the world, used by thousands of large businesses and online stores.

Mr. Hoang Truong Khuong, a cybersecurity expert at Bkav, said the SessionReaper vulnerability comes from the way Magento processes data through its Web API, allowing attackers to insert malicious content into the session and upload a web shell – a malicious file that helps maintain access and control over the server.

Successful exploitation could allow an attacker to gain administrative privileges, leak payment data, or create fake admin accounts to extend the scope of the attack. Adobe Commerce and Magento Open Source versions released before October 2025, including branches 2.4.9-alpha2 and below, are affected by this vulnerability.

Within just 48 hours of the exploit code being made public, more than 300 automated attacks targeting more than 130 Magento servers were recorded worldwide. According to statistics from Sansec Shield, although Adobe released an emergency patch in early September, about 62% of Magento stores have not been updated.

With over 95,000 Magento servers operating publicly worldwide, this means thousands of e-commerce websites are still vulnerable to attack. A delay of just one day in updating can cause serious damage to businesses.

In Vietnam, many e-commerce platforms, including hundreds of famous brands in the fields of retail, fashion and technology, are using Magento. Research, surveys and experience from Bkav's cybersecurity incident handling process all show that this is the most vulnerable target group because most systems do not have a regular patching process or lack an application-layer defense (WAF).

Meanwhile, old Magento versions or uncontrolled REST API modules are considered high-risk groups, with the potential to be quickly exploited by hackers if not updated promptly.

Bkav recommends that Magento system administrators in Vietnam urgently apply the official patch from Adobe and enable a web application firewall (WAF) to filter and block unusual packets. Businesses should review the entire system, especially checking for the appearance of strange PHP files in the directory, and review newly created administrative accounts. If an intrusion is suspected, it is necessary to isolate the server, restore from a clean backup and change all passwords and access keys.
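The "strange PHP files" check recommended above can be scripted; the following Python sketch is an added example, not code from Bkav, Adobe or the original article. It assumes a default Magento 2 layout in which `pub/media` holds uploaded content and no PHP; the directory list, extension list, 60-day window and function name are illustrative assumptions.

```python
import os
import sys
import time

# Assumption: upload directories of a default Magento 2 install that should
# never contain executable PHP. Extend the tuple for your own deployment.
UPLOAD_DIRS = ("pub/media",)
PHP_EXTS = (".php", ".phtml", ".phar")


def scan_magento_root(root, since_days=60, now=None):
    """Return sorted (relative_path, reason) findings under the upload dirs."""
    now = time.time() if now is None else now
    cutoff = now - since_days * 86400
    findings = []
    for sub in UPLOAD_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(root, sub)):
            for name in files:
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, root)
                try:
                    mtime = os.stat(path).st_mtime
                    with open(path, "rb") as fh:
                        head = fh.read(4096)
                except OSError:
                    continue  # unreadable entry: skip it, keep scanning
                if name.lower().endswith(PHP_EXTS):
                    # Timestamps can be forged, so old PHP files are still
                    # reported; recency only raises the priority.
                    recent = mtime >= cutoff
                    findings.append((rel, "php-file-recent" if recent else "php-file"))
                elif b"<?php" in head.lower():
                    # PHP code inside a file named like an image or text file
                    findings.append((rel, "php-tag-in-non-php-file"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan.py /path/to/magento/root
    for rel, reason in scan_magento_root(sys.argv[1]):
        print(f"{reason}\t{rel}")
```

Every hit needs manual review against a clean copy of the deployment, and an empty result does not rule out a compromise.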

Source: https://nhandan.vn/lo-hong-nghiem-trong-khien-hon-95000-may-chu-cua-adobe-magento-bi-tan-cong-doanh-nghiep-viet-nam-can-khan-truong-ung-pho-post920262.html

