CVE-2025-43007

Summary

SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Service Parts Management (SPM)SAP_APPL 617affected
SAP_SESAP Service Parts Management (SPM)618affected
SAP_SESAP Service Parts Management (SPM)S4CORE 100affected
SAP_SESAP Service Parts Management (SPM)101affected
SAP_SESAP Service Parts Management (SPM)102affected
SAP_SESAP Service Parts Management (SPM)103affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References