CVE-2025-27430

Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3561861
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) En determinadas circunstancias, una vulnerabilidad SSRF en SAP CRM y SAP S/4HANA (Interaction Center) permite a un atacante con pocos privilegios acceder a información restringida. Esta falla permite al atacante enviar solicitudes a recursos de red internos, comprometiendo así la confidencialidad de la aplicación. No hay impacto en la integridad ni en la disponibilidad.

11 Mar 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-11 01:15

Updated : 2026-06-17 09:03

NVD link : CVE-2025-27430

Mitre link : CVE-2025-27430

CVE.ORG link : CVE-2025-27430

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2025-27430", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-27430", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-11T02:06:37.325274Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "affected": [{"source": "cna@sap.com", "affectedData": [{"vendor": "SAP_SE", "product": "SAP CRM and SAP S/4HANA (Interaction Center)", "versions": [{"status": "affected", "version": "S4CRM 100"}, {"status": "affected", "version": "200"}, {"status": "affected", "version": "204"}, {"status": "affected", "version": "205"}, {"status": "affected", "version": "206"}, {"status": "affected", "version": "S4FND 102"}, {"status": "affected", "version": "103"}, {"status": "affected", "version": "104"}, {"status": "affected", "version": "105"}, {"status": "affected", "version": "106"}, {"status": "affected", "version": "107"}, {"status": "affected", "version": "108"}, {"status": "affected", "version": "S4CEXT 107"}, {"status": "affected", "version": "BBPCRM 701"}, {"status": "affected", "version": "702"}, {"status": "affected", "version": "712"}, {"status": "affected", "version": "713"}, {"status": "affected", "version": "714"}, {"status": "affected", "version": "WEBCUIF 701"}, {"status": "affected", "version": "731"}, {"status": "affected", "version": "746"}, {"status": "affected", "version": "747"}, {"status": "affected", "version": "748"}, {"status": "affected", "version": "800"}, {"status": "affected", "version": "801"}], "defaultStatus": "unaffected"}]}], "published": "2025-03-11T01:15:36.157", "references": [{"url": "https://me.sap.com/notes/3561861", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability"}, {"lang": "es", "value": "En determinadas circunstancias, una vulnerabilidad SSRF en SAP CRM y SAP S/4HANA (Interaction Center) permite a un atacante con pocos privilegios acceder a informaci\u00f3n restringida. Esta falla permite al atacante enviar solicitudes a recursos de red internos, comprometiendo as\u00ed la confidencialidad de la aplicaci\u00f3n. No hay impacto en la integridad ni en la disponibilidad."}], "lastModified": "2026-06-17T09:03:34.560", "sourceIdentifier": "cna@sap.com"}