Adobe released an emergency fix for “SessionReaper,” a critical Adobe Commerce/Magento flaw (CVE-2025-542360, CVSS 9.1) enabling session hijacking and potentially unauthenticated RCE. No in-the-wild exploitation reported; patches and guidance are available.