CVE-2025-42937

Summary

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Print ServiceSAPSPRINT 8.00affected
SAP_SESAP Print Service8.10affected

Weaknesses

  • CWE-35: CWE-35: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References