CVE-2025-27430

Summary

Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)S4CRM 100affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)200affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)204affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)205affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)206affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)S4FND 102affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)103affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)104affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)105affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)106affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)107affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)108affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)S4CEXT 107affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)BBPCRM 701affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)702affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)712affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)713affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)714affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)WEBCUIF 701affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)731affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)746affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)747affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)748affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)800affected
SAP_SESAP CRM and SAP S/4HANA (Interaction Center)801affected

Weaknesses

  • CWE-918: CWE-918: Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References