CVE-2025-43009 | THREATINT

Description

SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-05-13 | Updated 2025-05-13 | Assigner sap

MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

SAP_APPL 600

affected

602

affected

603

affected

604

affected

605

affected

606

affected

616

affected

617

affected

618

affected

S4CORE 100

affected

101

affected

102

affected

References

me.sap.com/notes/2491817

url.sap/sapsecuritypatchday

cve.org (CVE-2025-43009)

nvd.nist.gov (CVE-2025-43009)

Download JSON