Vulnerabilities

CVE-2025-24875

by Fred · 11/02/2025

SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may lead to future compatibility issues.

More information : https://me.sap.com/notes/3555364

Similar

Tags: Cybersecurity Alert