CVE-2025-23191
Severity: LOW
SAP Fiori for SAP ERP - HTTP Header Injection via Host Header
Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata, redirecting them from the SAP server to an attacker-controlled link. Successful exploitation would have a low impact on the integrity of the application.
References (2)
Vendor Advisory: https://me.sap.com/notes/3426825
Vendor Advisory: https://url.sap/sapsecuritypatchday
Scores
CVSS v3: 3.1
EPSS: 0.0011
EPSS Percentile: 28.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-644
Status: published
Products (10)
SAP_SE/SAP Fiori for SAP ERP 750
SAP_SE/SAP Fiori for SAP ERP 751
SAP_SE/SAP Fiori for SAP ERP 752
SAP_SE/SAP Fiori for SAP ERP 753
SAP_SE/SAP Fiori for SAP ERP 754
SAP_SE/SAP Fiori for SAP ERP 755
SAP_SE/SAP Fiori for SAP ERP 756
SAP_SE/SAP Fiori for SAP ERP 757
SAP_SE/SAP Fiori for SAP ERP 758
SAP_SE/SAP Fiori for SAP ERP SAP_GWFND 740
Published: Feb 11, 2025
Tracked Since: Feb 18, 2026