CVE-2025-42915

Summary

Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SEFiori app (Manage Payment Blocks)S4CORE 107affected
SAP_SEFiori app (Manage Payment Blocks)108affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References