First published: Tue Feb 11 2025
Due to a missing authorization check, an attacker who is logged in to the application can view/delete "My Overtime Requests", which could allow the attacker to access employee information. This leads to low impact on confidentiality and integrity of the application. There is no impact on availability.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP Fiori Apps Reference Library | | |
CVE-2025-25241 has a low impact on confidentiality and integrity due to a missing authorization check.
To mitigate CVE-2025-25241, you should implement proper authorization checks in the application.
CVE-2025-25241 requires the attacker to be logged into the application to exploit the vulnerability.
CVE-2025-25241 affects the SAP Fiori Apps Reference Library.
An attacker could potentially view or delete 'My Overtime Requests,' gaining access to sensitive employee information.