690
VMScore

CVE-2025-22385

CVSSv4: NA | CVSSv3: 5.9 | CVSSv2: NA | VMScore: 690 | EPSS: 0.00043 | KEV: Not Included
Published: 04/01/2025 Updated: 06/01/2025

Vulnerability Summary

Mass Account Creation Vulnerability in Optimizely Commerce B2B

A problem was found in Optimizely Configured Commerce versions earlier than 5.2.2408. For new accounts, the Commerce B2B app does not need email confirmation. This medium-severity issue lets many accounts be created easily. This might impact database storage and allows unrequested storefront accounts to be made for visitors.