CVE-2025-31328
Cross-Site Request Forgery (CSRF) vulnerability in SAP S/4 HANA (Learning Solution)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server. GET-based OData function is named in a way that it violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting the availability.
SAP Learning Solution es vulnerable a Cross-Site Request Forgery (CSRF), lo que permite a un atacante engañar a un usuario autenticado para que envíe solicitudes no deseadas al servidor. La función OData basada en GET tiene un nombre que viola el comportamiento esperado. Este problema podría afectar tanto la confidencialidad como la integridad de la aplicación sin afectar la disponibilidad.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2025-03-27 CVE Reserved
- 2025-04-22 CVE Published
- 2025-04-23 CVE Updated
- 2025-06-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| SAP SE Search vendor "SAP SE" | SAP S/4 HANA (Learning Solution) Search vendor "SAP SE" for product "SAP S/4 HANA (Learning Solution)" | 101 Search vendor "SAP SE" for product "SAP S/4 HANA (Learning Solution)" and version "101" | en |
Affected
| ||||||