CVE-2025-42889

Summary

SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Starter Solution (PL SAFT)SAP_APPL 600affected
SAP_SESAP Starter Solution (PL SAFT)602affected
SAP_SESAP Starter Solution (PL SAFT)603affected
SAP_SESAP Starter Solution (PL SAFT)604affected
SAP_SESAP Starter Solution (PL SAFT)605affected
SAP_SESAP Starter Solution (PL SAFT)606affected
SAP_SESAP Starter Solution (PL SAFT)616affected
SAP_SESAP Starter Solution (PL SAFT)SAP_FIN 617affected
SAP_SESAP Starter Solution (PL SAFT)618affected
SAP_SESAP Starter Solution (PL SAFT)700affected
SAP_SESAP Starter Solution (PL SAFT)720affected
SAP_SESAP Starter Solution (PL SAFT)730affected
SAP_SESAP Starter Solution (PL SAFT)S4CORE 100affected
SAP_SESAP Starter Solution (PL SAFT)101affected
SAP_SESAP Starter Solution (PL SAFT)102affected
SAP_SESAP Starter Solution (PL SAFT)103affected
SAP_SESAP Starter Solution (PL SAFT)104affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References