CVE-2025-23191: Cache Poisoning through header manipulation vulnerability in SAP Fiori for SAP ERP

3.1 CVSS

Description

Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting them from the SAP server to a malicious link set by the attacker. Successful exploitation could cause low impact on integrity of the application.

Classification

CVE ID: CVE-2025-23191

CVSS Base Severity: LOW

CVSS Base Score: 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products

Vendor: SAP_SE

Product: SAP Fiori for SAP ERP

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 16.76% (scored less or equal to compared to others)

EPSS Date: 2025-03-12 (when was this score calculated)

References

https://me.sap.com/notes/3426825
https://url.sap/sapsecuritypatchday

Timeline

2025-02-12 00:31:38 UTC
CVE

Cache Poisoning through header manipulation vulnerability in SAP Fiori for SAP ERP