CVE-2025-42906 | THREATINT

Description

SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-14 | Updated 2025-10-14 | Assigner sap

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory

Product status

Default status

unaffected

COM_CLOUD 2211

affected

References

me.sap.com/notes/3634724

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42906)

nvd.nist.gov (CVE-2025-42906)

Download JSON