CVE-2025-42892 MEDIUM

CVE-2025-42892: OS Command Injection vulnerability in SAP Business Connector

Vendor Sap_Se
Product SAP Business Connector
Weakness CWE-78
Published November 11, 2025
Last update November 12, 2025

CVSS base score

6.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system's confidentiality, integrity, and availability.

Key dates

02 Disclosure timeline

November 11, 2025 CVE published
November 12, 2025 Record updated