CVE-2025-31333 | THREATINT

Description

SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.

PUBLISHED Reserved 2025-03-27 | Published 2025-04-08 | Updated 2025-04-08 | Assigner sap

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-472: External Control of Assumed-Immutable Web Parameter

Product status

Default status

unaffected

S4CORE 107

affected

108

affected

References

me.sap.com/notes/3525971

url.sap/sapsecuritypatchday

cve.org (CVE-2025-31333)

nvd.nist.gov (CVE-2025-31333)

Download JSON