CVE-2025-43010 HIGH

CVE-2025-43010: Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise(SCM Master Data Layer (MDL))

Vendor Sap_Se
Product SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL))
Weakness CWE-94 · Code injection
Published May 13, 2025
Last update May 13, 2025

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.

Key dates

02Disclosure timeline

May 13, 2025 CVE published
May 13, 2025 Record updated