CVE-2025-42967

Summary

SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)SCMAPO 713affected
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)714affected
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)S4CORE 102affected
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)103affected
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)104affected
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)S4COREOP 105affected
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)106affected
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)107affected
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)108affected
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)SCM 700affected
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)701affected
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)702affected
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)712affected

Weaknesses

  • CWE-94: CWE-94: Improper Control of Generation of Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References