CVE-2025-42906

Summary

SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Commerce CloudCOM_CLOUD 2211affected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References