CVE-2025-42929

HIGH

SAP - Privilege Escalation

Title source: llm

Description

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3633002

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 8.1

EPSS 0.0004

EPSS Percentile 12.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1287

Status published

Products (8)

SAP_SE/SAP Landscape Transformation Replication Server 2011_1_640

SAP_SE/SAP Landscape Transformation Replication Server 2011_1_700

SAP_SE/SAP Landscape Transformation Replication Server 2011_1_710

SAP_SE/SAP Landscape Transformation Replication Server 2011_1_730

SAP_SE/SAP Landscape Transformation Replication Server 2011_1_731

SAP_SE/SAP Landscape Transformation Replication Server 2011_1_752

SAP_SE/SAP Landscape Transformation Replication Server 2020

SAP_SE/SAP Landscape Transformation Replication Server DMIS 2011_1_620

Published Sep 09, 2025

Tracked Since Feb 18, 2026