CVE-2025-22384
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published: Jan 4, 2025
Updated: Jan 6, 2025
CWE ID: 472
Summary
CVE-2025-22384 is a medium-severity business logic vulnerability affecting Optimizely Configured Commerce before version 5.2.2408. In specific scenarios, storefront visitors can purchase discontinued products, bypassing the intended availability restrictions. The issue arises because requests can be altered before they reach the server. This could lead to unintended sales and revenue loss for affected businesses.
Affected Products
- Configured Commerce
Affected Vendors
- Optimizely