CVE-2025-42915 | THREATINT

Description

Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-09 | Updated 2025-09-09 | Assigner sap

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

S4CORE 107

affected

108

affected

References

me.sap.com/notes/3409013

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42915)

nvd.nist.gov (CVE-2025-42915)

Download JSON