Vulnerability in Sap_se Sap Fiori For Erp
CVE-2025-23191
Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting the…
EPSS: 0.002 (13.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N.
Affected products
- Sap_se Sap Fiori For Erp — versions SAP_GWFND 740, 750, 751
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-23191?
- CVE-2025-23191 is a low-severity vulnerability in Sap_se Sap Fiori For Erp, classified under Improper Neutralization of HTTP Headers for Scripting Syntax. CVSS score: 3.1/10. Published 2025-02-11.
- How severe is CVE-2025-23191?
- Low severity. CVSS v3 base score is 3.1 out of 10.