← Retour aux CVEs
CVE-2025-42989
CRITICAL9.6
Description
RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application.
Details CVE
Score CVSS v3.19.6
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie6/10/2025
Derniere modification6/12/2025
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-862
References
https://me.sap.com/notes/3600840(cna@sap.com)
https://url.sap/sapsecuritypatchday(cna@sap.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.