What the vulnerability does
01Description
Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.
CVE-2025-43008
MEDIUM
CVE-2025-43008: Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal
CVSS base score
5.8/10
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Key dates
02Disclosure timeline
May 13, 2025
CVE published
May 13, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-24421 phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user
CVE-2025-66139 WordPress Audier For Elementor plugin <= 1.0.9 - Broken Access Control vulnerability
CVE-2023-39996 WordPress Accordion and Accordion Slider plugin <= 1.2.4 - Broken Access Control
CVE-2025-50171 Remote Desktop Spoofing Vulnerability
CVE-2023-27625 WordPress Site Reviews plugin <= 6.5.0 - Broken Access Control vulnerability
