PT-2025-4480 · Optimizely · Optimizely Configured Commerce

Published: 2025-01-04 · Updated: 2025-01-06 · CVE-2025-22384

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408

Description: A medium-severity business logic issue exists in the Commerce B2B application. It allows storefront visitors to purchase discontinued products in specific scenarios where the storefront request is altered before it reaches the server, i.e. the server trusts client-supplied order data instead of re-checking product availability itself.

Recommendations: For versions prior to 5.2.2408, update to version 5.2.2408 or later to resolve the issue. As a temporary workaround, consider implementing additional server-side validation of storefront requests to prevent the purchase of discontinued products. Restrict access to the Commerce B2B application until the update is applied to minimize the risk of exploitation.
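One way to implement the server-side validation the workaround describes, as an added illustration (this is not Optimizely's code; the catalogue, request field names and helper functions are assumptions). The point is that availability and price are taken from the server's own product store, so a request that was modified on the way to the server cannot turn a discontinued product into a purchasable one:

```python
# Constructed catalogue standing in for the server-side product store
# (assumption: a real application would query its database or product service).
CATALOG = {
    "SKU-100": {"name": "Widget", "discontinued": False, "price": 19.99},
    "SKU-200": {"name": "Legacy Widget", "discontinued": True, "price": 9.99},
}


class CheckoutError(ValueError):
    """Raised when an order must be rejected."""


def validate_order(payload: dict) -> list:
    """Return the validated line items for a storefront order.

    Every attribute that matters (availability, price) comes from the server-side
    catalogue, never from the client request, so a tampered request that marks a
    discontinued item as available is still rejected.
    """
    lines = payload.get("lines")
    if not isinstance(lines, list) or not lines:
        raise CheckoutError("order has no line items")
    validated = []
    for line in lines:
        sku = line.get("sku")
        product = CATALOG.get(sku)
        if product is None:
            raise CheckoutError(f"unknown product {sku!r}")
        if product["discontinued"]:
            # Decided from the catalogue flag alone; any "discontinued" or
            # "available" field the client sent is deliberately ignored.
            raise CheckoutError(f"product {sku} is discontinued")
        qty = line.get("quantity")
        if not isinstance(qty, int) or isinstance(qty, bool) or qty <= 0:
            raise CheckoutError(f"invalid quantity for {sku}")
        # Unit price is also re-read from the catalogue, not trusted from the client.
        validated.append({"sku": sku, "quantity": qty, "unit_price": product["price"]})
    return validated


def is_order_accepted(payload: dict) -> bool:
    """Convenience wrapper: True if the order passes validation, else False."""
    try:
        validate_order(payload)
        return True
    except CheckoutError:
        return False
```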

Related Identifiers

CVE-2025-22384

Affected Products

Optimizely Configured Commerce