CVE-2025-31328 MEDIUM

CVE-2025-31328: Cross-Site Request Forgery (CSRF) vulnerability in SAP S/4 HANA (Learning Solution)

Vendor Sap_Se
Product SAP S/4 HANA (Learning Solution)
Weakness CWE-352 · CSRF
Published April 22, 2025
Last update April 23, 2025
View on NVD All CVEs

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server. GET-based OData function is named in a way that it violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting the availability.

Key dates

02Disclosure timeline

April 22, 2025 CVE published
April 23, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-48768 WordPress Quantity Plus Minus Button for WooCommerce by CodeAstrology Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-23922 WordPress iSpring Embedder plugin <= 1.0 - CSRF to Arbitrary File Upload vulnerability CVE-2022-40623 WAVLINK Quantum D4G (WN531G3) CSRF CVE-2026-27758 SODOLA SL902-SWTGW124AS <= 200.1.20 Missing CSRF Protections CVE-2023-27445 WordPress Blog Floating Button Plugin <= 1.4.12 is vulnerable to Cross Site Request Forgery (CSRF)