CVE-2025-42897 MEDIUM

CVE-2025-42897: Information Disclosure vulnerability in SAP Business One (SLD)

Vendor Sap_Se
Product SAP Business One (SLD)
Weakness CWE-522 · Insufficiently protected credentials
Published November 11, 2025
Last update November 12, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and availability.

Key dates

02Disclosure timeline

November 11, 2025 CVE published
November 12, 2025 Record updated