CVE-2025-42960 MEDIUM

CVE-2025-42960: Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx Tools

Vendor Sap_Se
Product SAP Business Warehouse and SAP BW/4HANA BEx Tools
Weakness CWE-862 · Missing authorization
Published July 8, 2025
Last update July 8, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentiality and availability of the application.

Key dates

02Disclosure timeline

July 8, 2025 CVE published
July 8, 2025 Record updated