CVE-2025-23191
CVSS 3.1 Score 3.1 of 10 (low)
Details
Published Feb 11, 2025
CWE ID 644
Summary
CVE-2025-23191 is a vulnerability affecting SAP Fiori in SAP ERP systems. It allows an attacker to manipulate cached values in the SAP OData endpoint by altering the Host header value in an HTTP GET request. By doing so, the attacker can poison the `atom:link` values in the returned metadata, redirecting them to malicious links under their control. Successfully exploiting this vulnerability could result in a low impact on the application's integrity.
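A defender-side check for the poisoning described in the summary, as an added example that is not from this advisory or from SAP: it parses a cached OData Atom response and reports every `atom:link` (and `xml:base`) URL whose host is not on an allowlist of the system's own hostnames. The sample feed, hostnames, service path and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM_LINK = "{http://www.w3.org/2005/Atom}link"
XML_BASE = "{http://www.w3.org/XML/1998/namespace}base"

# Constructed sample: one link host differs from the service's real host,
# as it would if a forged Host header had been reflected into a cached response.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom"
      xml:base="https://erp.example.com/odata/DEMO_SRV/">
  <link rel="self" href="https://erp.example.com/odata/DEMO_SRV/Items"/>
  <entry>
    <link rel="edit" href="Items('1')"/>
    <link rel="related"
          href="https://cache-poison.example.net/odata/DEMO_SRV/Items('1')/Owner"/>
  </entry>
</feed>"""


def find_foreign_links(feed_xml, allowed_hosts):
    """Return (label, url) pairs whose absolute URL points at a host
    outside allowed_hosts. Relative hrefs carry no host and are skipped."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for elem in ET.fromstring(feed_xml).iter():
        candidates = []
        if elem.get(XML_BASE) is not None:
            candidates.append(("xml:base", elem.get(XML_BASE)))
        if elem.tag == ATOM_LINK and elem.get("href"):
            candidates.append((elem.get("rel", ""), elem.get("href")))
        for label, url in candidates:
            host = urlsplit(url).hostname  # lower-cased; None for relative URLs
            if host is not None and host not in allowed:
                findings.append((label, url))
    return findings


if __name__ == "__main__":
    for label, url in find_foreign_links(SAMPLE_FEED, {"erp.example.com"}):
        print(f"unexpected host in {label}: {url}")
```

Run against responses fetched through the cache, with the allowlist set to the hostnames the system is actually published under.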