CVE-2025-22385
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Published Jan 4, 2025
Updated: Jan 6, 2025
CWE ID 862
Summary
CVE-2025-22385 is a medium-severity vulnerability affecting Optimizely's Configured Commerce before version 5.2.2408. The Commerce B2B application fails to require email confirmation for newly created accounts, enabling the mass creation of accounts. This issue poses a risk to database storage due to the increased number of accounts, and unauthorized storefront accounts can be generated on behalf of visitors.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Configured Commerce
Affected Vendors
- Optimizely