CVE-2025-43010
HIGHSAP S/4HANA Cloud Private Edition or on Premise - Command Injection
Title source: llmDescription
SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/3600859
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
8.3
EPSS
0.0023
EPSS Percentile
46.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-94
Status
published
Products (13)
SAP_SE/SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL))
103
SAP_SE/SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL))
104
SAP_SE/SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL))
105
SAP_SE/SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL))
106
SAP_SE/SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL))
107
SAP_SE/SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL))
108
SAP_SE/SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL))
701
SAP_SE/SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL))
702
SAP_SE/SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL))
712
SAP_SE/SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL))
713
... and 3 more
Published
May 13, 2025
Tracked Since
Feb 18, 2026