CVE-2025-22384

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published: Jan 4, 2025
Updated: Jan 6, 2025
CWE ID 472

Summary

CVE-2025-22384 is a medium-severity business logic vulnerability affecting Optimizely Configured Commerce before version 5.2.2408. In specific scenarios, storefront visitors can purchase discontinued products, bypassing the intended availability restrictions. The issue arises when requests are altered before they reach the server. This vulnerability could lead to unintended sales and revenue loss for affected businesses.

Affected Products

  • Configured Commerce

Affected Vendors

  • Optimizely