Home

Description

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-09 | Updated 2025-09-09 | Assigner sap




HIGH: 8.1CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Problem types

CWE-1287: Improper Validation of Specified Type of Input

Product status

Default status
unaffected

S4CORE 102
affected

103
affected

104
affected

105
affected

106
affected

107
affected

108
affected

References

me.sap.com/notes/3635475

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42916)

nvd.nist.gov (CVE-2025-42916)

Download JSON