PT-2025-6125 · Sap · Sap Erp+1

Published: 2025-02-11 · Updated: 2025-02-11 · CVE-2025-23191

CVSS v3.1: 3.1 (Low)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SAP ERP (affected versions not specified)
Description: The issue concerns the SAP OData endpoint in SAP Fiori for SAP ERP, where cached values could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the atom:link values in the returned metadata, redirecting them from the SAP server to a malicious link. This could cause low impact on the integrity of the application.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
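A defender-side check for the condition in the description, as an added example that is not part of the original advisory or of any SAP code: it parses an OData Atom response, resolves each atom:link href against the inherited xml:base, and reports links whose host is not the expected server. The function name, host names, URL path and sample feeds are constructed assumptions.

```python
# Added example; host names, URL path and the sample feeds are constructed.
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

ATOM_LINK = "{http://www.w3.org/2005/Atom}link"
XML_BASE = "{http://www.w3.org/XML/1998/namespace}base"

REQUEST_URL = "https://erp.example.com/odata/DEMO_SRV/Items"  # constructed
SAMPLE_OK = """<feed xmlns="http://www.w3.org/2005/Atom"
      xml:base="https://erp.example.com/odata/DEMO_SRV/">
  <link rel="self" href="Items"/>
  <entry><link rel="edit" href="Items('1')"/></entry>
</feed>"""
# Same feed as it would look if a foreign Host value had been cached.
SAMPLE_POISONED = SAMPLE_OK.replace("erp.example.com", "cache-test.example.net")


def foreign_links(atom_xml, request_url, allowed_hosts):
    """Return (rel, resolved_href) for each atom:link whose host is not allowed."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []

    def walk(elem, base):
        # xml:base is inherited by children and may be relative to the parent base.
        base = urljoin(base, elem.get(XML_BASE, ""))
        if elem.tag == ATOM_LINK and elem.get("href") is not None:
            resolved = urljoin(base, elem.get("href"))
            host = (urlsplit(resolved).hostname or "").lower()
            if host not in allowed:
                findings.append((elem.get("rel"), resolved))
        for child in elem:
            walk(child, base)

    walk(ET.fromstring(atom_xml), request_url)
    return findings


if __name__ == "__main__":
    for name, doc in (("ok", SAMPLE_OK), ("poisoned", SAMPLE_POISONED)):
        print(name, foreign_links(doc, REQUEST_URL, {"erp.example.com"}))
```

Because relative hrefs are resolved against xml:base, a changed base is reported even when every individual href is relative.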

Weakness Enumeration

Related Identifiers

BDU:2025-02755
CVE-2025-23191

Affected Products

Sap Erp
Sap Fiori