CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-25241: Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests)

5.4 CVSS

Description

Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no impact on availability.

Classification

CVE ID: CVE-2025-25241

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products

Vendor: SAP_SE

Product: SAP Fiori Apps Reference Library (My Overtime Requests)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.94% (scored less or equal to compared to others)

EPSS Date: 2025-03-12 (when was this score calculated)

References

https://me.sap.com/notes/3532025
https://url.sap/sapsecuritypatchday

Timeline

2025-02-12 00:31:39 UTC
CVE

Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests)