Home

Description

SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-05-13 | Updated 2025-05-13 | Assigner sap




MEDIUM: 6.4CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L

Problem types

CWE-749: Exposed Dangerous Method or Function

Product status

Default status
unaffected

S4CRM 204
affected

205
affected

206
affected

S4CEXT 107
affected

108
affected

BBPCRM 702
affected

712
affected

713
affected

714
affected

References

me.sap.com/notes/3596033

url.sap/sapsecuritypatchday

cve.org (CVE-2025-43003)

nvd.nist.gov (CVE-2025-43003)

Download JSON