CVE-2025-42982 | THREATINT

Description

SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-06-10 | Updated 2026-02-26 | Assigner sap

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

GRCPINW V1100_700

affected

V1100_731

affected

References

me.sap.com/notes/3609271

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42982)

nvd.nist.gov (CVE-2025-42982)

Download JSON