Home

Description

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-09 | Updated 2025-09-09 | Assigner sap




HIGH: 8.1CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Problem types

CWE-1287: Improper Validation of Specified Type of Input

Product status

Default status
unaffected

DMIS 2011_1_620
affected

2011_1_640
affected

2011_1_700
affected

2011_1_710
affected

2011_1_730
affected

2011_1_731
affected

2011_1_752
affected

2020
affected

References

me.sap.com/notes/3633002

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42929)

nvd.nist.gov (CVE-2025-42929)

Download JSON