CVE-2025-42916 HIGH

CVE-2025-42916: Missing input validation vulnerability in SAP S/4HANA (Private Cloud or On-Premise)

Vendor Sap_Se
Product SAP S/4HANA (Private Cloud or On-Premise)
Weakness CWE-1287
Published September 9, 2025
Last update September 9, 2025

CVSS base score

8.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality.

Key dates

02Disclosure timeline

September 9, 2025 CVE published
September 9, 2025 Record updated