CVE-2025-22386
CVSS 3.1 Score 7.3 of 10 (high)
Details
Published Jan 4, 2025
Updated Jan 6, 2025
CWE ID 613
Summary
CVE-2025-22386 is a medium-severity session issue affecting Optimizely's Configured Commerce before version 5.2.2408. The flaw is in the Commerce B2B storefront: active sessions are not terminated at logout, so session tokens tied to logged-out sessions remain usable on the server side and pose a security risk. Attackers could exploit this flaw to gain unauthorized access or perform unintended actions on behalf of other users.
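As an added illustration of the flaw class named above (CWE-613, insufficient session expiration), and not code from Optimizely or from this advisory: a constructed in-memory session store whose flawed logout only tells the client to drop its cookie, beside a corrected logout that revokes the server-side record and also enforces idle and absolute lifetimes. All names and timeouts are assumptions.

```python
import secrets
import time


class SessionStore:
    """Constructed server-side session store (not a real product's code).

    A token is valid only while it has a server-side record that is neither
    past its absolute lifetime nor past its idle timeout.
    """

    def __init__(self, max_lifetime=8 * 3600, idle_timeout=30 * 60, clock=time.time):
        self._sessions = {}  # token -> {"user", "created", "last_seen"}
        self.max_lifetime = max_lifetime
        self.idle_timeout = idle_timeout
        self._now = clock  # injectable clock so expiry can be tested

    def login(self, user):
        token = secrets.token_urlsafe(32)  # 256-bit unguessable token
        now = self._now()
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def validate(self, token):
        """Return the user bound to a live token, or None if it is not live."""
        rec = self._sessions.get(token)
        if rec is None:
            return None
        now = self._now()
        if now - rec["created"] > self.max_lifetime or now - rec["last_seen"] > self.idle_timeout:
            del self._sessions[token]  # expired: drop the server-side record too
            return None
        rec["last_seen"] = now
        return rec["user"]

    def logout_vulnerable(self, token):
        """Flawed logout: only instructs the client to discard its cookie.
        The server-side record is untouched, so a retained token stays usable."""
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout(self, token):
        """Correct logout: revoke the server-side record, then clear the cookie."""
        self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0"}


def demo():
    """Returns (token still valid after flawed logout, token rejected after fixed logout)."""
    store = SessionStore()
    t1 = store.login("alice")
    store.logout_vulnerable(t1)
    still_valid = store.validate(t1) is not None  # True: the CWE-613 condition
    t2 = store.login("alice")
    store.logout(t2)
    revoked = store.validate(t2) is None  # True: fixed behaviour
    return still_valid, revoked
```

The same replay check (log in, log out, present the old token again and expect a rejection) is what a regression test for a fix of this class should assert against the real application.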
Affected Products
- Configured Commerce
Affected Vendors
- Optimizely