CVE-2025-42916

HIGH

SAP - Privilege Escalation

Title source: llm

Description

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality.

Scores

CVSS v3 8.1
EPSS 0.0004
EPSS Percentile 12.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-1287
Status published
Products (7)
SAP_SE/SAP S/4HANA (Private Cloud or On-Premise) 103
SAP_SE/SAP S/4HANA (Private Cloud or On-Premise) 104
SAP_SE/SAP S/4HANA (Private Cloud or On-Premise) 105
SAP_SE/SAP S/4HANA (Private Cloud or On-Premise) 106
SAP_SE/SAP S/4HANA (Private Cloud or On-Premise) 107
SAP_SE/SAP S/4HANA (Private Cloud or On-Premise) 108
SAP_SE/SAP S/4HANA (Private Cloud or On-Premise) S4CORE 102
Published Sep 09, 2025
Tracked Since Feb 18, 2026