CVE-2025-24875
published 2025-02-11
medium, 6.8 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues.
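A defender-side check for the condition described above, as an added example that is not SAP's code or part of the original advisory: it parses `Set-Cookie` header values and flags authentication cookies sent with `SameSite=None`. The cookie names and header values are constructed for illustration; substitute the names your own deployment issues.

```python
# Added example: cookie names and header values are constructed, not SAP Commerce output.
SAMPLE_HEADERS = [
    "EXAMPLE_SESSION=abc123; Path=/; Secure; HttpOnly; SameSite=None",
    "EXAMPLE_LOGIN_TOKEN=def456; Path=/; HttpOnly; SameSite=none",
    "EXAMPLE_CSRF=ghi789; Path=/; Secure; HttpOnly; SameSite=Strict",
    "ui-theme=dark; Path=/; SameSite=None; Secure",
    "EXAMPLE_REMEMBER=jkl012; Path=/; Secure; HttpOnly",
]
# Assumption: the set of cookies that carry authentication state is known to the auditor.
AUTH_COOKIES = {"EXAMPLE_SESSION", "EXAMPLE_LOGIN_TOKEN", "EXAMPLE_CSRF", "EXAMPLE_REMEMBER"}


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes)."""
    first, *rest = header.split(";")
    name = first.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        key, _, value = part.strip().partition("=")
        if key:
            attrs[key.lower()] = value.strip()  # attribute names are case-insensitive
    return name, attrs


def audit(headers, auth_cookies):
    """Return (cookie, finding) pairs for authentication cookies only."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name not in auth_cookies:
            continue  # non-sensitive cookies are out of scope for this check
        samesite = attrs.get("samesite")
        if samesite is None:
            # No attribute: the effective policy is whatever the browser defaults to.
            findings.append((name, "samesite-unset"))
        elif samesite.lower() == "none":
            # Cookie is attached to cross-site requests, so it adds no CSRF barrier.
            findings.append((name, "samesite-none"))
            if "secure" not in attrs:
                # Chromium-based browsers reject SameSite=None cookies that lack Secure.
                findings.append((name, "none-without-secure"))
    return findings


if __name__ == "__main__":
    for cookie, finding in audit(SAMPLE_HEADERS, AUTH_COOKIES):
        print(f"{cookie}: {finding}")
```

Feed it the `Set-Cookie` values captured from a login response in a test environment; any `samesite-none` finding on an authentication cookie means CSRF protection rests entirely on the application's other controls.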
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap_se | sap_commerce | — | — |
| sap_se | sap_commerce | — | — |