PT-2025-4482 · Optimizely · Optimizely Configured Commerce

Published: 2025-01-04 · Updated: 2025-01-06 · CVE-2025-22386

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408

Description: A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. Session tokens belonging to sessions the user has already logged out of remain valid and usable.

Recommendations: For versions prior to 5.2.2408, update to version 5.2.2408 or later to resolve the issue. As a temporary workaround, consider restricting access to active sessions in the storefront to minimize the risk of exploitation.
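The weakness class behind this advisory, shown as an added example that is not Optimizely's code: a session store whose logout only forgets the cookie client-side (so an old token keeps resolving to a user) next to one that deletes the server-side record on logout and enforces absolute and idle lifetimes, plus the regression check a defender would run against either. Class and function names are constructed for the illustration.

```python
import secrets
import time

class WeakSessionStore:
    """Vulnerable: logout is client-side only, so the server keeps honouring the token."""
    def __init__(self):
        self._sessions = {}

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def logout(self, token):
        pass  # the session record is never removed server-side

    def user_for(self, token):
        return self._sessions.get(token)

class SessionStore:
    """Hardened: logout deletes the record; lookups enforce absolute and idle limits."""
    def __init__(self, max_age=8 * 3600, idle_timeout=30 * 60, clock=time.time):
        self._sessions = {}
        self.max_age, self.idle_timeout, self.clock = max_age, idle_timeout, clock

    def login(self, user):
        token = secrets.token_urlsafe(32)
        now = self.clock()
        self._sessions[token] = {"user": user, "issued": now, "seen": now}
        return token

    def logout(self, token):
        self._sessions.pop(token, None)  # invalidate server-side, not just the cookie

    def user_for(self, token):
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self.clock()
        if now - s["issued"] > self.max_age or now - s["seen"] > self.idle_timeout:
            self.logout(token)  # expired: purge so the token cannot be replayed later
            return None
        s["seen"] = now
        return s["user"]

def token_survives_logout(store):
    """Defender's regression check: log in, log out, then replay the old token."""
    token = store.login("alice")
    store.logout(token)
    return store.user_for(token) is not None
```

The check returns True for the weak store and False for the hardened one; the injectable clock lets the same test drive the expiry paths deterministically.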

Fix

Weakness Enumeration: Insufficient Session Expiration

Related Identifiers: CVE-2025-22386

Affected Products: Optimizely Configured Commerce