CVE-2025-43002

Summary

SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check. This could cause a low impact on confidentiality but integrity and availability of the application are not impacted.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S4/HANA (OData meta-data property)S4CORE 102affected
SAP_SESAP S4/HANA (OData meta-data property)103affected
SAP_SESAP S4/HANA (OData meta-data property)104affected
SAP_SESAP S4/HANA (OData meta-data property)105affected
SAP_SESAP S4/HANA (OData meta-data property)106affected

Weaknesses

  • CWE-472: CWE-472: External Control of Assumed-Immutable Web Parameter

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References