CVE-2025-27430
LOWSAP CRM and S/4HANA Interaction Center - Server-Side Request Forgery
Title source: manualDescription
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/3561861
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
3.5
EPSS
0.0010
EPSS Percentile
27.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (25)
SAP_SE/SAP CRM and SAP S/4HANA (Interaction Center)
103
SAP_SE/SAP CRM and SAP S/4HANA (Interaction Center)
104
SAP_SE/SAP CRM and SAP S/4HANA (Interaction Center)
105
SAP_SE/SAP CRM and SAP S/4HANA (Interaction Center)
106
SAP_SE/SAP CRM and SAP S/4HANA (Interaction Center)
107
SAP_SE/SAP CRM and SAP S/4HANA (Interaction Center)
108
SAP_SE/SAP CRM and SAP S/4HANA (Interaction Center)
200
SAP_SE/SAP CRM and SAP S/4HANA (Interaction Center)
204
SAP_SE/SAP CRM and SAP S/4HANA (Interaction Center)
205
SAP_SE/SAP CRM and SAP S/4HANA (Interaction Center)
206
... and 15 more
Published
Mar 11, 2025
Tracked Since
Feb 18, 2026