Business Logic Vulnerability in Optimizely Configured Commerce
CVE-2025-22384
Currently unrated
What is CVE-2025-22384?
In Optimizely Configured Commerce prior to version 5.2.2408, the B2B application contains a business logic vulnerability. Under specific conditions, storefront visitors can circumvent normal purchasing restrictions and acquire discontinued products. The vulnerability arises from the manipulation of requests before they are processed by the server, resulting in unintended access to products no longer available for sale. This poses significant risks to businesses relying on the integrity of their product offerings.
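The general defence against this class of flaw is to re-derive purchasability on the server from authoritative catalog state and to ignore anything the client asserts about a product. The sketch below is an added example, not Optimizely's code or its fix: the catalog, the request fields (`sku`, `qty`, `canAddToCart`, `isDiscontinued`) and the "discontinued means not orderable" policy are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Product:
    sku: str
    discontinued: bool
    stock: int

# Constructed catalog standing in for the server's authoritative product store.
CATALOG = {
    "SKU-100": Product("SKU-100", discontinued=False, stock=25),
    "SKU-200": Product("SKU-200", discontinued=True, stock=3),
}

class OrderRejected(Exception):
    """Raised when a cart line fails server-side business rules."""

def validate_cart_line(request: dict) -> dict:
    """Validate an add-to-cart request using server state only.

    Client-supplied hints about availability (hypothetical fields such as
    canAddToCart or isDiscontinued) are never read.
    """
    sku = request.get("sku")
    qty = request.get("qty")
    product = CATALOG.get(sku) if isinstance(sku, str) else None
    if product is None:
        raise OrderRejected("unknown product")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(qty, bool) or not isinstance(qty, int) or qty < 1:
        raise OrderRejected("invalid quantity")
    # Assumed policy: a discontinued product cannot be ordered at all.
    if product.discontinued:
        raise OrderRejected("product is discontinued")
    if qty > product.stock:
        raise OrderRejected("insufficient stock")
    # Build the accepted line from server-side values, not from the request.
    return {"sku": product.sku, "qty": qty}

def check(request: dict) -> str:
    """Return 'accepted' or 'rejected: <reason>' for logging or tests."""
    try:
        validate_cart_line(request)
        return "accepted"
    except OrderRejected as exc:
        return f"rejected: {exc}"
```

Logging every `OrderRejected` for a discontinued SKU also gives a detection signal, since a normal storefront UI should never submit such a line.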