CVE-2025-42983

Summary

SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any data.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Business Warehouse and SAP Plug-In BasisPI_BASIS 2006_1_700affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis701affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis702affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis731affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis740affected
SAP_SESAP Business Warehouse and SAP Plug-In BasisSAP_BW 750affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis751affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis752affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis753affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis754affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis755affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis756affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis757affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis758affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis914affected
SAP_SESAP Business Warehouse and SAP Plug-In Basis915affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References