CVE-2025-42937

CRITICAL

SAP Print Service - Path Traversal

Title source: llm

Description

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application.

References (2)

[Vendor Advisory] https://me.sap.com/notes/3630595

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 9.8

EPSS 0.0026

EPSS Percentile 49.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-35

Status published

Products (2)

SAP_SE/SAP Print Service 8.10

SAP_SE/SAP Print Service SAPSPRINT 8.00

Published Oct 14, 2025

Tracked Since Feb 18, 2026