CVE-2025-42923

Summary

Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Fiori App (F4044 Manage Work Center Groups)UIS4HOP1 600affected
SAP_SESAP Fiori App (F4044 Manage Work Center Groups)700affected
SAP_SESAP Fiori App (F4044 Manage Work Center Groups)800affected
SAP_SESAP Fiori App (F4044 Manage Work Center Groups)900affected

Weaknesses

  • CWE-352: CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References