cvedb.io
CVE-2025-31328
MEDIUM · CVSS 4.6
EPSS exploitation probability: 0%
Published 2025-04-22T19:15:52.570 · Last modified 2026-06-17T09:10:14.743

Summary

SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server. GET-based OData function is named in a way that it violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting the availability.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.