CVE-2025-43004

MEDIUM

Production Operator Dashboards - Info Disclosure

Title source: llm

Description

Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view non-sensitive customer information. However, this does not affect data integrity or availability.

References (2)

Core 2

Core References

Vendor Advisory

https://me.sap.com/notes/3571096

Vendor Advisory

https://url.sap/sapsecuritypatchday

Scores

CVSS v3 5.3

EPSS 0.0018

EPSS Percentile 38.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (1)

SAP_SE/SAP Digital Manufacturing (Production Operator Dashboard) CTNR-DME-PODFOUNDATION-MS 1.0

Published May 13, 2025

Tracked Since Feb 18, 2026