CVE-2025-42909

Summary

SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliances to gain access to other appliances. This has low impact on confidentiality of the application, integrity and availability is not impacted.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Cloud Appliance Library AppliancesTITANIUM_WEBAPP 4.0affected

Weaknesses

  • CWE-1004: CWE-1004: Sensitive Cookie Without HttpOnly Flag

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References