CVE-2025-27433

Summary

The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S/4HANA (Manage Bank Statements)S4CORE 107affected
SAP_SESAP S/4HANA (Manage Bank Statements)108affected

Weaknesses

  • CWE-639: CWE-639: Authorization Bypass Through User-Controlled Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References