Urgent Security Alert: Critical Vulnerability in Magento 2 (SessionReaper – CVE-2025-54236)

UPDATE: An out-of-schedule critical security patch is planned for almost all versions of Magento 2 to fix a severe vulnerability named SessionReaper (CVE-2025-54236). Automated exploitation of this vulnerability is expected to follow quickly.
The patch will be released on 09.09.2025. We recommend immediate action.

 

What is the SessionReaper Vulnerability (CVE-2025-54236)?

 

The SessionReaper vulnerability is a critical flaw that could allow attackers to hijack active sessions. In the worst-case scenario, this could allow them to gain administrative privileges, manipulate your store, steal customer data, or inject malicious scripts. Due to the ease of exploitation, this vulnerability poses an extremely high risk.

 

What You Must Do Now

 

You must patch your Magento system immediately. If you do not act quickly, your store is at high risk of being compromised by attackers.

Vandelay Industries is Your Partner for Immediate Action

Time is of the essence, and correctly applying a patch requires technical expertise. As your reliable partner for Magento solutions, Vandelay Industries is ready to help you secure your store right away.

We offer:

  • Rapid Patch Installation: We will professionally and immediately apply the security patch to your system.

  • Store Review: After the patching process, we will perform a review to ensure there have been no prior compromises.

  • Transparent Communication: We will keep you informed throughout the entire process.

Don’t leave your online store’s security to chance. Do not hesitate to contact us now to schedule a patching appointment.


Act now and protect your store!

Contact us via the contact form below or send us an email at security@vndl.me to secure your store today.
