CVE-2025-42889 | THREATINT

Description

SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-11 | Updated 2025-11-12 | Assigner sap

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command

Product status

Default status

unaffected

SAP_APPL 600

affected

602

affected

603

affected

604

affected

605

affected

606

affected

616

affected

SAP_FIN 617

affected

618

affected

700

affected

720

affected

730

affected

S4CORE 100

affected

101

affected

102

affected

103

affected

104

affected

References

me.sap.com/notes/2886616

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42889)

nvd.nist.gov (CVE-2025-42889)

Download JSON