CVE-2025-42930

Summary

SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Business Planning and ConsolidationBPC4HANA 200affected
SAP_SESAP Business Planning and Consolidation300affected
SAP_SESAP Business Planning and ConsolidationSAP_BW 750affected
SAP_SESAP Business Planning and Consolidation751affected
SAP_SESAP Business Planning and Consolidation752affected
SAP_SESAP Business Planning and Consolidation753affected
SAP_SESAP Business Planning and Consolidation754affected
SAP_SESAP Business Planning and Consolidation755affected
SAP_SESAP Business Planning and Consolidation756affected
SAP_SESAP Business Planning and Consolidation757affected
SAP_SESAP Business Planning and Consolidation758affected
SAP_SESAP Business Planning and Consolidation816affected
SAP_SESAP Business Planning and Consolidation914affected
SAP_SESAP Business Planning and ConsolidationCPMBPC 810affected

Weaknesses

  • CWE-606: CWE-606: Unchecked Input for Loop Condition

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References