CVE-2025-22387

An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.

CVSS

No CVSS.

References

Link	Resource
https://support.optimizely.com/hc/en-us/articles/32695551034893-Configured-Commerce-Security-Advisory-COM-2024-06	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:optimizely:configured_commerce:*:*:*:*:*:*:*:*

History

21 May 2025, 17:05

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
First Time		Optimizely Optimizely configured Commerce
CPE		cpe:2.3:a:optimizely:configured_commerce::::::::
References	~~() https://support.optimizely.com/hc/en-us/articles/32695551034893-Configured-Commerce-Security-Advisory-COM-2024-06 -~~	() https://support.optimizely.com/hc/en-us/articles/32695551034893-Configured-Commerce-Security-Advisory-COM-2024-06 - Vendor Advisory

04 Jan 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-04 02:15

Updated : 2025-05-21 17:05

NVD link : CVE-2025-22387

Mitre link : CVE-2025-22387

JSON object : View

Products Affected

optimizely

configured_commerce

CWE

NVD-CWE-Other

JSON object

Attach tags to CVE-2025-22387

Attach tags to `CVE-2025-22387`