CVE-2025-43010 | THREATINT

Description

SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-05-13 | Updated 2025-05-13 | Assigner sap

HIGH: 8.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Problem types

CWE-94: Improper Control of Generation of Code

Product status

Default status

unaffected

S4CORE 102

affected

103

affected

104

affected

105

affected

106

affected

107

affected

108

affected

SCM_BASIS 700

affected

701

affected

702

affected

712

affected

713

affected

714

affected

References

me.sap.com/notes/3600859

url.sap/sapsecuritypatchday

cve.org (CVE-2025-43010)

nvd.nist.gov (CVE-2025-43010)

Download JSON