CVE-2025-23191

Published Feb 11, 2025

Last updated 12 days ago

CVSS low 3.1

Overview

Description
Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting them from the SAP server to a malicious link set by the attacker. Successful exploitation could cause low impact on integrity of the application.
Source
cna@sap.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
3.1
Impact score
1.4
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

cna@sap.com
CWE-644

Social media

Hype score
Not currently trending

  1. CVE-2025-23191 Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker co… https://t.co/vN2Xcp47Af

    @CVEnew

    11 Feb 2025

    368 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References