CVE-2025-22386
CVSS 3.1 Score 7.3 of 10 (high)
Details
Summary
CVE-2025-22386 is a medium-severity session issue affecting Optimizely's Configured Commerce before version 5.2.2408. This vulnerability lies within the Commerce B2B application of the storefront. It permits session tokens associated with terminated sessions to remain active and accessible, potentially leading to unauthorized access to user accounts. This flaw could enable attackers to impersonate legitimate users and manipulate their data or transactions. Users are advised to upgrade to the latest version of Optimizely's Configured Commerce to mitigate this risk.
Affected Products
- Configured Commerce
Affected Vendors
- Optimizely