CVE-2025-43009

Summary

SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Service Parts Management (SPM)SAP_APPL 600affected
SAP_SESAP Service Parts Management (SPM)602affected
SAP_SESAP Service Parts Management (SPM)603affected
SAP_SESAP Service Parts Management (SPM)604affected
SAP_SESAP Service Parts Management (SPM)605affected
SAP_SESAP Service Parts Management (SPM)606affected
SAP_SESAP Service Parts Management (SPM)616affected
SAP_SESAP Service Parts Management (SPM)617affected
SAP_SESAP Service Parts Management (SPM)618affected
SAP_SESAP Service Parts Management (SPM)S4CORE 100affected
SAP_SESAP Service Parts Management (SPM)101affected
SAP_SESAP Service Parts Management (SPM)102affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References