CVE-2025-22386

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Jan 4, 2025
Updated: Jan 6, 2025
CWE ID 613

Summary

CVE-2025-22386 is a medium-severity session issue affecting Optimizely's Configured Commerce before version 5.2.2408. This vulnerability lies within the Commerce B2B application of the storefront. It permits session tokens associated with terminated sessions to remain active and accessible, potentially leading to unauthorized access to user accounts. This flaw could enable attackers to impersonate legitimate users and manipulate their data or transactions. Users are advised to upgrade to the latest version of Optimizely's Configured Commerce to mitigate this risk.
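The weakness class here (CWE-613, insufficient session expiration) comes down to a logout that clears the client's cookie without revoking the session on the server. The following is an added, constructed illustration, not Optimizely's code: a minimal server-side session registry with a flawed client-only logout beside the correct one, plus a regression check a defender can run to confirm that a terminated session's token is rejected.

```python
import secrets
import time


class SessionStore:
    """Server-side session registry; a token is valid only while it is recorded here."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}  # token -> (username, expiry timestamp)

    def create(self, username, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable, server-issued identifier
        self._sessions[token] = (username, now + self.ttl)
        return token

    def resolve(self, token, now=None):
        """Return the username for a live token, or None if unknown, revoked or expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, expires_at = entry
        if now >= expires_at:
            self._sessions.pop(token, None)  # lazily purge expired entries
            return None
        return username

    def logout_client_only(self, token):
        """Flawed logout (CWE-613 pattern): the browser drops the cookie, but the
        server entry survives, so anyone still holding the token keeps the session."""
        return {"Set-Cookie": "session=; Max-Age=0"}

    def logout(self, token):
        """Correct logout: revoke on the server first, then tell the client to clear the cookie."""
        self._sessions.pop(token, None)
        return {"Set-Cookie": "session=; Max-Age=0"}


def logout_invalidates_token(use_fixed_logout):
    """Regression check: after logout, the old token must no longer resolve to a user.
    Returns True when the store behaves correctly, False when it shows the flaw."""
    store = SessionStore()
    token = store.create("alice")  # constructed sample user
    (store.logout if use_fixed_logout else store.logout_client_only)(token)
    return store.resolve(token) is None
```

The same check belongs in a test suite for any storefront session layer: issue a session, terminate it through the real logout endpoint, then replay the old token and assert it is refused.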


Affected Products

  • Configured Commerce

Affected Vendors

  • Optimizely