Home

Description

RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-06-10 | Updated 2026-02-26 | Assigner sap




CRITICAL: 9.6CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Problem types

CWE-862: Missing Authorization

Product status

Default status
unaffected

KERNEL 7.89
affected

7.93
affected

9.14
affected

9.15
affected

References

me.sap.com/notes/3600840

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42989)

nvd.nist.gov (CVE-2025-42989)

Download JSON