CVE-2025-43006 MEDIUM

CVE-2025-43006: Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)

Vendor Sap_Se
Product SAP Supplier Relationship Management (Master Data Management Catalog)
Weakness CWE-79 · XSS
Published May 13, 2025
Last update May 13, 2025

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
May 13, 2025 Record updated

Related vulnerabilities

04Related CVE