Directory Traversal vulnerability in SAP Commerce Cloud_CVE-2025-42906

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application.

Basic Information

ID CVE-2025-42906

Source sap

Published Oct 14, 2025 at 00:17

Affected Product

Vendor SAP_SE

Product SAP Commerce Cloud

Version COM_CLOUD 2211

Affected Versions SAP_SE SAP Commerce Cloud COM_CLOUD 2211

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application.",
    "published": "2025-10-14T00:17:48.076Z",
    "modified": "2025-10-14T00:17:48.076Z",
    "type": "cve",
    "title": "Directory Traversal vulnerability in SAP Commerce Cloud",
    "source": "sap",
    "references": "https://me.sap.com/notes/3634724\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42906",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Commerce Cloud COM_CLOUD 2211",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Commerce Cloud",
    "version": "COM_CLOUD 2211",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}