CVE-2025-42915 MEDIUM

CVE-2025-42915: Missing Authorization Check in Fiori app (Manage Payment Blocks)

Vendor Sap_Se

Product Fiori app (Manage Payment Blocks)

Weakness CWE-862 · Missing authorization

Published September 9, 2025

Last update September 9, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability.

Key dates

02Disclosure timeline

September 9, 2025 CVE published

September 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-42915 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-12392 Cryptocurrency Payment Gateway for WooCommerce <= 2.0.25 - Missing Authorization to Unauthenticated Tracking Status Update CVE-2025-8322 Ventem｜e-School - Missing Authorization CVE-2024-11583 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font Deletion CVE-2026-39535 WordPress Display Eventbrite Events plugin <= 6.5.6 - Broken Access Control vulnerability CVE-2026-2031 Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution.

Identifiers

CVE CVE-2025-42915

CWE CWE-862

CVSS 5.4 / MEDIUM

Affected versions

Vendor Sap_Se

Product Fiori app (Manage Payment Blocks)

Affected S4CORE 107

Vendor Sap_Se

Product Fiori app (Manage Payment Blocks)

Affected 108