CVE-2025-31328

Name of the Vulnerable Software and Affected Versions SAP Learning Solution (affected versions not specified)

Description The issue allows an attacker to trick an authenticated user into sending unintended requests to the server through Cross-Site Request Forgery (CSRF). A GET-based OData function is named in a way that it violates the expected behavior, potentially impacting the confidentiality and integrity of the application without affecting its availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.