CVE-2025-42916

Summary

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S/4HANA (Private Cloud or On-Premise)S4CORE 102affected
SAP_SESAP S/4HANA (Private Cloud or On-Premise)103affected
SAP_SESAP S/4HANA (Private Cloud or On-Premise)104affected
SAP_SESAP S/4HANA (Private Cloud or On-Premise)105affected
SAP_SESAP S/4HANA (Private Cloud or On-Premise)106affected
SAP_SESAP S/4HANA (Private Cloud or On-Premise)107affected
SAP_SESAP S/4HANA (Private Cloud or On-Premise)108affected

Weaknesses

  • CWE-1287: CWE-1287: Improper Validation of Specified Type of Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References