CVE-2025-30014

HIGH

SAP Capital Yield Tax Management - Path Traversal

Title source: llm

Description

SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don�t have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected.

References (2)

[Vendor Advisory] https://me.sap.com/notes/2927164

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 7.7

EPSS 0.0067

EPSS Percentile 71.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-35

Status published

Products (4)

SAP_SE/SAP Capital Yield Tax Management CYT 800

SAP_SE/SAP Capital Yield Tax Management CYT4HANA 100

SAP_SE/SAP Capital Yield Tax Management CYTERP 420_700

SAP_SE/SAP Capital Yield Tax Management IBS 7.0

Published Apr 08, 2025

Tracked Since Feb 18, 2026