CVE-2025-25241 MEDIUM

CVE-2025-25241: Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests)

Vendor Sap_Se
Product SAP Fiori Apps Reference Library (My Overtime Requests)
Weakness CWE-862 · Missing authorization
Published February 11, 2025
Last update February 18, 2025
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no impact on availability.

Key dates

02Disclosure timeline

February 11, 2025 CVE published
February 18, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-43154 WordPress Advanced Cron Manager – debug & control plugin <= 2.5.9 - Broken Access Control vulnerability CVE-2023-35164 Unauthorized users can manipulate a dashboard created by an administrator in DataEase CVE-2025-23773 WordPress Delete All Posts plugin <= 1.1.1 - Broken Access Control vulnerability CVE-2026-27328 WordPress EduBlink theme <= 2.0.7 - Broken Access Control vulnerability CVE-2024-54256 WordPress Easy Blocks pro plugin <= 1.0.21 - Broken Access Control vulnerability