CVE-2025-42923
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-09

Assigner: SAP SE

Description
Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-09-09
Generated
2026-06-19
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-18
NVD
CVE-2025-42923
EUVD
EUVD-2025-27204
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sap fiori_app *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability has a low impact on the integrity of the application, meaning it could allow unauthorized modification of data or actions. However, it has no impact on confidentiality or availability.

Executive Summary

This vulnerability is due to insufficient Cross-Site Request Forgery (CSRF) protection in the SAP Fiori App Manage Work Center Groups. It allows an authenticated user to be tricked by an attacker into sending unintended requests to the web server.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-42923. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart