CVE-2025-42984
MEDIUM
SAP S/4HANA Manage Central Purchase Contract - Privilege Escalation
Title source: llm
Description
SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity, making it inaccessible for unrestricted users. This has low impact on confidentiality and availability of the application.
References (2)
Core References
Vendor Advisory
https://me.sap.com/notes/3441087
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
5.4
EPSS
0.0021
EPSS Percentile
43.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (3)
SAP_SE/SAP S/4HANA (Manage Central Purchase Contract application): 107
SAP_SE/SAP S/4HANA (Manage Central Purchase Contract application): 108
SAP_SE/SAP S/4HANA (Manage Central Purchase Contract application): S4CORE 106
Published
Jun 10, 2025
Tracked Since
Feb 18, 2026