CVE-2025-22384

HIGH

Optimizely Configured Commerce <5.2.2408 - Info Disclosure

Title source: llm

Description

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching the server.

References (1)

[Vendor Advisory] https://support.optimizely.com/hc/en-us/articles/32694560473741-Configured-Commerce-Security-Advisory-COM-2024-02

Scores

CVSS v3 7.5

EPSS 0.0027

EPSS Percentile 50.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-472

Status published

Affected Products (1)

optimizely/configured_commerce < 5.2.2408

Timeline

Published Jan 04, 2025

Tracked Since Feb 18, 2026