CVE-2025-30016 | THREATINT

Description

SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application.

PUBLISHED Reserved 2025-03-13 | Published 2025-04-08 | Updated 2026-02-26 | Assigner sap

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-921: Storage of Sensitive Data in a Mechanism without Access Control

Product status

Default status

unaffected

FINANCE 1010

affected

References

me.sap.com/notes/3572688

url.sap/sapsecuritypatchday

cve.org (CVE-2025-30016)

nvd.nist.gov (CVE-2025-30016)

Download JSON