More than 95,000 Magento (Adobe Commerce) servers are currently under attack through a critical vulnerability named Session Reaper, which lets attackers hijack user login sessions, execute code remotely and take full control of affected systems.
According to a recent alert from Vietnamese cybersecurity firm Bkav, Session Reaper stems from how Magento handles data passed through its Web API. The flaw lets an attacker inject malicious content into user sessions and then upload a web shell, a server-side script that gives the attacker persistent remote command execution on the compromised host.
Within just 48 hours of the public release of the exploit code, over 300 automated attacks targeting more than 130 Magento servers were recorded globally.
Bkav cybersecurity experts warn that Vietnam is among the countries at highest risk of being targeted by this vulnerability.
In Vietnam, many e-commerce platforms, including hundreds of well-known brands in retail, fashion, and technology, rely on Magento, making them particularly vulnerable.
Bkav's incident response investigations show that these organizations are especially exposed because they lack regular patching procedures and application-layer defenses such as a Web Application Firewall (WAF).
Outdated Magento installations and unmonitored REST API modules are considered the highest risk, because attackers can exploit them quickly once exploit code is public and nobody is watching the API traffic.
Bkav strongly urges Magento administrators in Vietnam to apply Adobe's official security patch immediately and to put a WAF in front of the store to detect and block abnormal traffic. Since automated attacks were already under way within 48 hours of the exploit's release, an unpatched store that was exposed during that window should also be checked for web shells that may already have been dropped; patching closes the entry point but does not remove an existing implant.
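The post-patch check mentioned above, as an added example rather than code from Bkav or Adobe: a triage scan that walks Magento's media upload tree, which should contain only static assets, and flags files that a PHP interpreter could execute or that contain PHP with shell-like constructs. The default root `pub/media` is Magento's upload directory; the 48-hour "recent" window, the pattern list and the constructed sample tree are this example's assumptions, not indicators published for this campaign.

```python
"""Triage scan for PHP web shells dropped into Magento's upload tree.

Added example, not Bkav's or Adobe's code. Paths, patterns and the sample
files below are assumptions made for illustration.
"""
import os
import re
import tempfile
import time

# Assumption: Magento's media upload root, which should only hold static assets.
DEFAULT_MEDIA_ROOT = "pub/media"

# Extensions a misconfigured web server may hand to the PHP interpreter.
EXEC_EXTENSIONS = {".php", ".phtml", ".php5", ".php7", ".phar"}

# Constructs typical of web shells: code execution driven by request data.
SHELL_PATTERNS = [
    ("exec-function", re.compile(
        rb"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\(", re.I)),
    ("request-input", re.compile(rb"\$_(GET|POST|REQUEST|COOKIE)\s*\[", re.I)),
    ("base64-decode", re.compile(rb"base64_decode\s*\(", re.I)),
    ("file-upload", re.compile(rb"move_uploaded_file\s*\(", re.I)),
]


def inspect_file(path, recent_hours=48):
    """Return the reasons a file looks suspicious, or [] if it looks clean."""
    reasons = []
    ext = os.path.splitext(path)[1].lower()
    if ext in EXEC_EXTENSIONS:
        reasons.append(f"executable extension {ext} under upload tree")
    try:
        with open(path, "rb") as fh:
            head = fh.read(64 * 1024)  # shells are small; the first 64 KiB is enough
    except OSError:
        return reasons
    if b"<?php" in head or b"<?=" in head:
        if ext not in EXEC_EXTENSIONS:
            # e.g. a GIF header followed by PHP: a polyglot meant to pass upload filters
            reasons.append("PHP open tag inside a non-PHP file (disguised upload)")
        hits = [name for name, rx in SHELL_PATTERNS if rx.search(head)]
        if hits:
            reasons.append("shell-like constructs: " + ", ".join(hits))
    if reasons:
        age_hours = (time.time() - os.path.getmtime(path)) / 3600
        if age_hours <= recent_hours:
            reasons.append(f"modified {age_hours:.1f}h ago (within {recent_hours}h window)")
    return reasons


def scan_tree(root=DEFAULT_MEDIA_ROOT, recent_hours=48):
    """Walk the upload tree; return {path: [reasons]} for every suspicious file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = inspect_file(path, recent_hours)
            if reasons:
                findings[path] = reasons
    return findings


def build_sample_tree():
    """Constructed sample data (not real evidence): a clean image, an obvious
    shell, and a PHP payload disguised as an image. Returns the temp root."""
    root = tempfile.mkdtemp(prefix="media-scan-")
    cache = os.path.join(root, "catalog", "product", "cache")
    os.makedirs(cache)
    with open(os.path.join(cache, "clean.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 64)  # JPEG header, no PHP
    with open(os.path.join(cache, "shell.php"), "wb") as fh:
        fh.write(b"<?php eval($_POST['c']); ?>")
    with open(os.path.join(cache, "poster.jpg"), "wb") as fh:
        fh.write(b"GIF89a<?php system($_GET['cmd']); ?>")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for path, reasons in sorted(scan_tree(sample_root).items()):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it against a real store as `scan_tree("/var/www/magento/pub/media")`. A hit is a lead, not a verdict: confirm against the web server's access log for requests to that path, and treat any executable file under the media tree as an incident regardless of age, since a shell planted before the patch survives the patch.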