CVE-2025-42967 | THREATINT

Description

SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-08 | Updated 2026-02-26 | Assigner sap

CRITICAL: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-94: Improper Control of Generation of Code

Product status

Default status

unaffected

SCMAPO 713

affected

714

affected

S4CORE 102

affected

103

affected

104

affected

S4COREOP 105

affected

106

affected

107

affected

108

affected

SCM 700

affected

701

affected

702

affected

712

affected

References

me.sap.com/notes/3618955

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42967)

nvd.nist.gov (CVE-2025-42967)

Download JSON