CVE-2025-43008 | THREATINT

Description

Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.

PUBLISHED Reserved 2025-04-16 | Published 2025-05-13 | Updated 2025-05-13 | Assigner sap

MEDIUM: 5.8CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

S4HCMCPT 100

affected

101

affected

SAP_HRCPT 600

affected

604

affected

608

affected

References

me.sap.com/notes/3585992

url.sap/sapsecuritypatchday

cve.org (CVE-2025-43008)

nvd.nist.gov (CVE-2025-43008)

Download JSON