Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management

9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Description

Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker could cause high impact on confidentiality, integrity and availability of the application.

AI Analysis

AI processing failed - returned non-JSON response

Basic Information

ID CVE-2025-42910

Source sap

Published Oct 14, 2025 at 00:18

Affected Product

Vendor SAP_SE

Product SAP Supplier Relationship Management

Version SRMNXP01 100

Affected Versions SAP_SE SAP Supplier Relationship Management SRMNXP01 100
SAP_SE SAP Supplier Relationship Management 150

CWE Classification

CWE-434

References

{
    "lastseen": "",
    "description": "Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker could cause high impact on confidentiality, integrity and availability of the application.",
    "published": "2025-10-14T00:18:21.887Z",
    "modified": "2025-10-14T00:18:21.887Z",
    "type": "cve",
    "title": "Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management",
    "source": "sap",
    "references": "https://me.sap.com/notes/3647332\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42910",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Supplier Relationship Management SRMNXP01 100\nSAP_SE SAP Supplier Relationship Management 150",
    "sourceHref": "",
    "cvss": {
        "score": 9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Supplier Relationship Management",
    "version": "SRMNXP01 100",
    "vendor": "SAP_SE",
    "ai_description": "AI processing failed - returned non-JSON response",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management_CVE-2025-42910