{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-25241", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-02-04T23:28:33.502Z", "datePublished": "2025-02-11T00:37:53.612Z", "dateUpdated": "2025-02-18T18:04:01.194Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Fiori Apps Reference Library (My Overtime Requests)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "GBX01HR5 605"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Due to a missing authorization check, an attacker who is logged in to application can view/ delete \ufffdMy Overtime Requests\ufffd which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no impact on availability.</p>"}], "value": "Due to a missing authorization check, an attacker who is logged in to application can view/ delete \ufffdMy Overtime Requests\ufffd which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no impact on availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-02-11T00:37:53.612Z"}, "references": [{"url": "https://me.sap.com/notes/3532025"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-11T05:42:35.113568Z", "id": "CVE-2025-25241", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-18T18:04:01.194Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-25241", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-11T05:42:35.113568Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T05:43:33.331Z"}}], "cna": {"title": "Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Fiori Apps Reference Library (My Overtime Requests)", "versions": [{"status": "affected", "version": "GBX01HR5 605"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3532025"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Due to a missing authorization check, an attacker who is logged in to application can view/ delete \ufffdMy Overtime Requests\ufffd which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no impact on availability.", "supportingMedia": [{"type": "text/html", "value": "<p>Due to a missing authorization check, an attacker who is logged in to application can view/ delete \ufffdMy Overtime Requests\ufffd which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no impact on availability.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-02-11T00:37:53.612Z"}}}, "cveMetadata": {"cveId": "CVE-2025-25241", "state": "PUBLISHED", "dateUpdated": "2025-02-18T18:04:01.194Z", "dateReserved": "2025-02-04T23:28:33.502Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2025-02-11T00:37:53.612Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to a missing authorization check, an attacker who is logged in to application can view/ delete \ufffdMy Overtime Requests\ufffd which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no impact on availability."}, {"lang": "es", "value": "Debido a la falta de una verificaci\u00f3n de autorizaci\u00f3n, un atacante que haya iniciado sesi\u00f3n en la aplicaci\u00f3n puede ver o eliminar \"Mis solicitudes de horas extra\", lo que podr\u00eda permitirle acceder a la informaci\u00f3n de los empleados. Esto genera un impacto bajo en la confidencialidad y la integridad de la aplicaci\u00f3n. No hay impacto en la disponibilidad."}], "id": "CVE-2025-25241", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2025-02-11T01:15:12.027", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3532025"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "cna@sap.com", "type": "Secondary"}]}

{}

{}