CVE-2025-43009 MEDIUM

CVE-2025-43009: Missing Authorization check in SAP Service Parts Management (SPM)

Vendor Sap_Se
Product SAP Service Parts Management (SPM)
Weakness CWE-862 · Missing authorization
Published May 13, 2025
Last update May 13, 2025
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
May 13, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-49320 WordPress FraudLabs Pro for WooCommerce plugin <= 2.22.11 - Broken Access Control Vulnerability CVE-2023-4124 Missing Authorization in answerdev/answer CVE-2025-67969 WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerability CVE-2023-25026 WordPress PayPal Brasil para WooCommerce plugin <= 1.4.2 - Broken Access Control vulnerability CVE-2025-66063 WordPress WP Google Review Slider plugin <= 17.4 - Broken Access Control vulnerability