CVE-2025-42915
MEDIUM
SAP Fiori app Manage Payment Blocks - Missing Authorization
Title source: llm
Description
Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups. This issue could impact both the confidentiality and integrity of the application without affecting the availability.
References (2)
Core References
Vendor Advisory
https://me.sap.com/notes/3409013
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
5.4
EPSS
0.0004
EPSS Percentile
11.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (2)
SAP_SE/Fiori app (Manage Payment Blocks)
108
SAP_SE/Fiori app (Manage Payment Blocks)
S4CORE 107
Published
Sep 09, 2025
Tracked Since
Feb 18, 2026