CSRF Vulnerability in SAP Fiori App Manage Work Center Groups
CVE-2025-42923

4.3 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 9 September 2025

What is CVE-2025-42923?

A security vulnerability has been identified within the SAP Fiori App Manage Work Center Groups, which suffers from inadequate Cross-Site Request Forgery (CSRF) protection mechanisms. This flaw allows an authenticated user to be coerced into making unintended requests to the web server, potentially compromising the integrity of the application. While the vulnerability poses a limited risk to the overall functionality and data confidentiality of the system, it is essential for users to remain vigilant and apply necessary patches to mitigate potential security threats.

Affected Version(s)

SAP Fiori App (F4044 Manage Work Center Groups) UIS4HOP1 600

SAP Fiori App (F4044 Manage Work Center Groups) 700

SAP Fiori App (F4044 Manage Work Center Groups) 800

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
