← Back

CVE-2025-22384

nvd nist
Published: Jan 4, 2025Modified: May 20, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching the server.

Affected (1)

Optimizely
1 product
Configured Commerce
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Configured Commerce
Before 5.2.2408

Related CWEs

CWE-472
External Control of Assumed-Immutable Web Parameter
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

References (1)

Source: cve@mitre.org
Vendor Advisory

Timeline

No history available yet.