CVE 5.4 MEDIUM

SQL Injection vulnerability in SAP Starter Solution (PL SAFT)_CVE-2025-42889

November 11, 2025 invoker category_cve
5.4 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Description

SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability.

Basic Information

ID CVE-2025-42889
Source sap
Published Nov 11, 2025 at 00:15

Affected Product

Vendor SAP_SE
Product SAP Starter Solution (PL SAFT)
Version SAP_APPL 600
Affected Versions SAP_SE SAP Starter Solution (PL SAFT) SAP_APPL 600
SAP_SE SAP Starter Solution (PL SAFT) 602
SAP_SE SAP Starter Solution (PL SAFT) 603
SAP_SE SAP Starter Solution (PL SAFT) 604
SAP_SE SAP Starter Solution (PL SAFT) 605
SAP_SE SAP Starter Solution (PL SAFT) 606
SAP_SE SAP Starter Solution (PL SAFT) 616
SAP_SE SAP Starter Solution (PL SAFT) SAP_FIN 617
SAP_SE SAP Starter Solution (PL SAFT) 618
SAP_SE SAP Starter Solution (PL SAFT) 700
SAP_SE SAP Starter Solution (PL SAFT) 720
SAP_SE SAP Starter Solution (PL SAFT) 730
SAP_SE SAP Starter Solution (PL SAFT) S4CORE 100
SAP_SE SAP Starter Solution (PL SAFT) 101
SAP_SE SAP Starter Solution (PL SAFT) 102
SAP_SE SAP Starter Solution (PL SAFT) 103
SAP_SE SAP Starter Solution (PL SAFT) 104

CWE Classification

CWE-89

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.