CVE-2025-22384

HIGH

Optimizely Configured Commerce <5.2.2408 - Info Disclosure

Title source: llm
STIX 2.1

Description

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching the server.

References (1)

Scores

CVSS v3 7.5
EPSS 0.0027
EPSS Percentile 50.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-472
Status published
Products (1)
optimizely/configured_commerce < 5.2.2408
Published Jan 04, 2025
Tracked Since Feb 18, 2026