CVE-2025-42989

RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3600840
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

12 Jun 2025, 16:06

Type	Values Removed	Values Added
Summary		(es) El procesamiento entrante de RFC no realiza las comprobaciones de autorización necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Si se explota con éxito, el atacante podría afectar gravemente la integridad y la disponibilidad de la aplicación.

10 Jun 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-10 01:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-42989

Mitre link : CVE-2025-42989

CVE.ORG link : CVE-2025-42989

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

9.6 /10