CVE-2025-22384

Published Jan 4, 2025

Last updated 3 months ago

Overview

Description: An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching the server.
Source: cve@mitre.org
NVD status: Analyzed
Products: configured_commerce

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

cve@mitre.org: CWE-472
nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

CVE-2025-22384 An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, w… https://t.co/pz3UxNFCed
@CVEnew
4 Jan 2025
463 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:optimizely:configured_commerce:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E3EA39C-BADA-4649-BF50-7E095C90C125",
            "versionEndExcluding": "5.2.2408"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.