100% Client Coverage for Urgent Adobe Security Patch APSB25-08 - February 2025

20 February 2025

On February 11, 2025, Adobe released a critical security update (APSB25-08) for the Adobe Commerce and Magento Open Source platforms. This update addresses multiple vulnerabilities, the most severe being a critical issue with a CVSS score of 9.4 out of 10, allowing attackers to gain unauthorized access to customer accounts.

Since Magento stores manage payment information and personal data, delaying the APSB25-08 patch could leave businesses and our clients vulnerable to data breaches, financial loss, and reputational damage. Cybercriminals are quick to exploit newly discovered vulnerabilities, making it critical for merchants to apply the update immediately in order to protect their stores and maintain customer trust.

We were aware that the patch was in the release schedule, but since Adobe does not disclose specific details about fixes in advance, we only learned of the severity of the vulnerabilities after the patch was released later that afternoon. Given the urgency, our top priority the following day was to swiftly install and deploy the patches for our support clients, ensuring we remained proactive in keeping their stores secure.


Within the first few hours of the morning, urgent tickets were raised to notify clients about the severity of the patch and the need for immediate action. Due to the critical nature of the issue, we informed our clients that we would proceed with applying the patches and promptly scheduled the work with our development team.


After implementing the patches on clients' development environments, our account managers and developers collaborated on testing to confirm that the patches had been successfully applied and were safe for deployment to production. This proactive approach relieved our clients of the burden of testing and approval, requiring minimal involvement beyond coordinating a suitable time for the production rollout. We successfully deployed the patches within 24 hours for 90% of our clients. The remaining 10% faced minor, non-complex issues during the patch installation/testing on development sites, which were quickly resolved. This allowed us to complete the rollout by the end of the week, ensuring that all our support clients were fully patched before our offices closed for the weekend.


100% of our clients experienced a seamless transition with no issues after deployment to their production sites.


If your agency hasn’t reached out to you regarding this patch, we strongly advise contacting them as soon as possible. It’s also worth asking why they haven’t taken a more proactive approach. This is a critical update that cannot be ignored; your site and customer data could be at significant risk.


For interested parties with technical understanding: we approached this using a Composer patches solution (https://github.com/cweagans/composer-patches), enabling our developers to install the patch quickly and efficiently, with consistency across projects. To do so, we split the patches on a per-module basis. It also means we can commit the patches to git, so that all environments for each site remain consistent; this is an essential requirement for any good dev team.

If you take this approach, be aware that the patch will inevitably be bundled into a future full release and so will need removing at some point.
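
A repository check for the per-module patch setup described above, as an added example that is not part of the original post or the agency's own tooling. It reads the `extra.patches` map used by cweagans/composer-patches and flags patches that are not committed locally, target a package that is not installed, or are due for removal. Package names, paths, versions and the `[drop-at x.y.z]` description tag are constructed assumptions.

```python
import re

# Constructed sample data: package names, patch paths, versions and the
# "[drop-at x.y.z]" tag are placeholders, not values from the advisory.
# "composer-exit-on-patch-failure" is the composer-patches 1.x option.
COMPOSER = {"extra": {
    "composer-exit-on-patch-failure": False,
    "patches": {
        "acme/module-a": {"SEC [drop-at 2.0.0]": "patches/sec/module-a.patch"},
        "acme/module-b": {"SEC [drop-at 1.4.0]": "https://example.invalid/b.patch"},
        "acme/module-c": {"SEC [drop-at 3.1.0]": "patches/sec/module-c.patch"},
        "acme/module-d": {"SEC [drop-at 1.0.1]": "patches/sec/module-d.patch"},
    }}}
LOCK = {"packages": [{"name": "acme/module-a", "version": "1.9.3"},
                     {"name": "acme/module-b", "version": "1.3.0"},
                     {"name": "acme/module-c", "version": "3.1.0-p1"}]}
TRACKED = {"patches/sec/module-a.patch", "patches/sec/module-c.patch"}

def version_tuple(text):
    """'3.1.0-p1' -> (3, 1, 0): compare on the first three numeric parts."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def audit_patches(composer, lock, tracked_files):
    """Return sorted (package, finding) pairs for extra.patches declarations."""
    extra = composer.get("extra", {})
    installed = {p["name"]: p["version"] for p in lock.get("packages", [])}
    findings = []
    if not extra.get("composer-exit-on-patch-failure", False):
        findings.append(("*", "patch failure is not fatal to the build"))
    for package, patches in extra.get("patches", {}).items():
        for description, path in patches.items():
            if re.match(r"https?://", path):
                findings.append((package, "remote patch, not committed to git"))
            elif path not in tracked_files:
                findings.append((package, "patch file missing from repository"))
            if package not in installed:
                findings.append((package, "package not in composer.lock"))
                continue
            tag = re.search(r"\[drop-at ([\d.]+)\]", description)
            if tag and version_tuple(installed[package]) >= version_tuple(tag.group(1)):
                findings.append((package, "fix already in installed release, remove patch"))
    return sorted(findings)

if __name__ == "__main__":
    for package, finding in audit_patches(COMPOSER, LOCK, TRACKED):
        print(f"{package}: {finding}")
```

In a real project the two dictionaries would come from `json.load` on `composer.json` and `composer.lock`, and the tracked set from `git ls-files`.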


Get in touch to see how Absolute can support you in the day-to-day up-keep of your existing website and improve site performance with our audits.

Contact Us to discuss how we can help increase sales and boost your online performance!
