CVE-2025-22384

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: NA | VMScore: 850 | EPSS: 0.00043 | KEV: Not Included
Published: 04/01/2025 | Updated: 06/01/2025

Vulnerability Summary

Business Logic Flaw in Optimizely Commerce Allows Discontinued Product Purchase

An issue was found in Optimizely Configured Commerce before version 5.2.2408. The Commerce B2B application contains a medium-severity business logic issue. In certain situations, it lets visitors buy discontinued products by altering requests before they reach the server.