CVE-2025-42923 MEDIUM

CVE-2025-42923: Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups)

Vendor Sap_Se
Product SAP Fiori App (F4044 Manage Work Center Groups)
Weakness CWE-352 · CSRF
Published September 9, 2025
Last update September 9, 2025
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application.

Key dates

02Disclosure timeline

September 9, 2025 CVE published
September 9, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-23801 WordPress Style Admin Plugin <= 1.4.3 - CSRF to Stored XSS vulnerability CVE-2022-47167 WordPress Crayon Syntax Highlighter Plugin <= 2.8.4 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-64288 WordPress Premmerce plugin <= 1.3.19 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-4337 AHAthat Plugin <= 1.6 - Cross-Site Request Forgery to AHA Page Deletion CVE-2025-32272 WordPress Wishlist plugin <= 1.0.46 - Cross Site Request Forgery (CSRF) vulnerability