CVE-2025-43008
Severity: MEDIUM
SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal - Unauthenticated Information Disclosure via Missing Authorization
Title source: llm
Description
Due to a missing authorization check, an unauthorized user can view the files of another company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.
References (2)
Core References
Vendor Advisory
https://me.sap.com/notes/3585992
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3: 5.8
EPSS: 0.0017
EPSS Percentile: 37.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-862
Status: published
Products (5)
SAP_SE/SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal: 101
SAP_SE/SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal: 604
SAP_SE/SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal: 608
SAP_SE/SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal: S4HCMCPT 100
SAP_SE/SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal: SAP_HRCPT 600
Published: May 13, 2025
Tracked Since: Feb 18, 2026