CVE-2025-42930 | THREATINT

Description

SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-09 | Updated 2025-09-09 | Assigner sap

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-606: Unchecked Input for Loop Condition

Product status

Default status

unaffected

BPC4HANA 200

affected

300

affected

SAP_BW 750

affected

751

affected

752

affected

753

affected

754

affected

755

affected

756

affected

757

affected

758

affected

816

affected

914

affected

CPMBPC 810

affected

References

me.sap.com/notes/3614067

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42930)

nvd.nist.gov (CVE-2025-42930)

Download JSON