Missing input validation vulnerability in SAP S/4HANA (Private Cloud or...

8.1 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Description

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality.

Basic Information

ID CVE-2025-42916

Source sap

Published Sep 9, 2025 at 02:07

Affected Product

Vendor SAP_SE

Product SAP S/4HANA (Private Cloud or On-Premise)

Version S4CORE 102

Affected Versions SAP_SE SAP S/4HANA (Private Cloud or On-Premise) S4CORE 102
SAP_SE SAP S/4HANA (Private Cloud or On-Premise) 103
SAP_SE SAP S/4HANA (Private Cloud or On-Premise) 104
SAP_SE SAP S/4HANA (Private Cloud or On-Premise) 105
SAP_SE SAP S/4HANA (Private Cloud or On-Premise) 106
SAP_SE SAP S/4HANA (Private Cloud or On-Premise) 107
SAP_SE SAP S/4HANA (Private Cloud or On-Premise) 108

CWE Classification

CWE-1287

References

{
    "lastseen": "",
    "description": "Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality.",
    "published": "2025-09-09T02:07:53.085Z",
    "modified": "2025-09-09T02:07:53.085Z",
    "type": "cve",
    "title": "Missing input validation vulnerability in SAP S/4HANA (Private Cloud or On-Premise)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3635475\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42916",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1287"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP S/4HANA (Private Cloud or On-Premise) S4CORE 102\nSAP_SE SAP S/4HANA (Private Cloud or On-Premise) 103\nSAP_SE SAP S/4HANA (Private Cloud or On-Premise) 104\nSAP_SE SAP S/4HANA (Private Cloud or On-Premise) 105\nSAP_SE SAP S/4HANA (Private Cloud or On-Premise) 106\nSAP_SE SAP S/4HANA (Private Cloud or On-Premise) 107\nSAP_SE SAP S/4HANA (Private Cloud or On-Premise) 108",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP S/4HANA (Private Cloud or On-Premise)",
    "version": "S4CORE 102",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing input validation vulnerability in SAP S/4HANA (Private Cloud or On-Premise)_CVE-2025-42916