CVE-2025-22387 – Optimizely Configured Commerce Session Hijacking Vulnerability

CVE ID : CVE-2025-22387

Published : Jan. 4, 2025, 2:15 a.m. | 8 hours, 45 minutes ago

Description : An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…CVE ID : CVE-2025-22387

Published : Jan. 4, 2025, 2:15 a.m. | 8 hours, 45 minutes ago

Description : An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…