Vulnerability in Sap_se Sap Fiori For Erp

CVE-2025-23191

Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting the…

EPSS: 0.002 (13.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-23191?
CVE-2025-23191 is a low-severity vulnerability in Sap_se Sap Fiori For Erp, classified under Improper Neutralization of HTTP Headers for Scripting Syntax. CVSS score: 3.1/10. Published 2025-02-11.
How severe is CVE-2025-23191?
Low severity. CVSS v3 base score is 3.1 out of 10.