CVE-2025-43003
6.4
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
Summary
SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP S/4HANA (Private Cloud & On-Premise) | S4CRM 204 | affected |
| SAP_SE | SAP S/4HANA (Private Cloud & On-Premise) | 205 | affected |
| SAP_SE | SAP S/4HANA (Private Cloud & On-Premise) | 206 | affected |
| SAP_SE | SAP S/4HANA (Private Cloud & On-Premise) | S4CEXT 107 | affected |
| SAP_SE | SAP S/4HANA (Private Cloud & On-Premise) | 108 | affected |
| SAP_SE | SAP S/4HANA (Private Cloud & On-Premise) | BBPCRM 702 | affected |
| SAP_SE | SAP S/4HANA (Private Cloud & On-Premise) | 712 | affected |
| SAP_SE | SAP S/4HANA (Private Cloud & On-Premise) | 713 | affected |
| SAP_SE | SAP S/4HANA (Private Cloud & On-Premise) | 714 | affected |
Weaknesses
- CWE-749: CWE-749: Exposed Dangerous Method or Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.