CVE-2025-22385 Information
Jan 06, 2025
cve
Description
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also non-requested storefront accounts can be created on behalf of visitors.