CVE-2025-22385

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Jan 4, 2025
Updated: Jan 6, 2025
CWE ID 862

Summary

CVE-2025-22385 is a medium-severity vulnerability affecting Optimizely's Configured Commerce before version 5.2.2408. The Commerce B2B application fails to require email confirmation for newly created accounts, enabling the mass creation of accounts. This issue poses a risk to database storage due to the increased number of accounts, and unauthorized storefront accounts can be generated on behalf of visitors.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Configured Commerce

Affected Vendors

  • Optimizely