CVE-2025-25241
Description
Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the application. There is no impact on availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing authorization check in SAP application allows authenticated attackers to view or delete 'My Overtime Requests', exposing employee information.
Vulnerability
Overview
CVE-2025-25241 describes a missing authorization check in the 'My Overtime Requests' function of an SAP application. The root cause is the absence of proper access control enforcement, allowing any authenticated user to access functionality that should be restricted.
Exploitation
An attacker must be logged into the application to exploit this vulnerability. No additional privileges or network position beyond standard user access are required. The attacker can view and delete overtime requests, thereby accessing employee information that should not be visible to them.
Impact
The impact is limited to low confidentiality and integrity of the application. The attacker gains unauthorized access to employee data, but there is no impact on availability. This could lead to privacy breaches or manipulation of overtime records.
Mitigation
SAP has addressed this vulnerability as part of its monthly Security Patch Day. Users are advised to apply the relevant security note to remediate the issue [1]. No workarounds have been published, and applying the patch is the recommended course of action.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.