CVE-2025-43010
8.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Summary
SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | S4CORE 102 | affected |
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | 103 | affected |
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | 104 | affected |
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | 105 | affected |
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | 106 | affected |
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | 107 | affected |
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | 108 | affected |
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | SCM_BASIS 700 | affected |
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | 701 | affected |
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | 702 | affected |
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | 712 | affected |
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | 713 | affected |
| SAP_SE | SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) | 714 | affected |
Weaknesses
- CWE-94: CWE-94: Improper Control of Generation of Code
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.