CVE 9.9 CRITICAL

Code Injection vulnerability in SAP Solution Manager_CVE-2025-42880

December 8, 2025 invoker category_cve

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability of the system.

AI Analysis

Code Injection vulnerability allowing authenticated attackers to insert malicious code and gain full system control

Basic Information

ID CVE-2025-42880

Source sap

Published Dec 9, 2025 at 02:15

Affected Product

Vendor SAP_SE

Product SAP Solution Manager

Version ST 720

Affected Versions SAP_SE SAP Solution Manager ST 720

CWE Classification

CWE-94

AI Assessment

AI Score 9.9 / 10

AI Severity Critical

Vendor SAP

Product SAP Solution Manager

Version ST 720

References

{
    "lastseen": "",
    "description": "Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability of the system.",
    "published": "2025-12-09T02:15:09.161Z",
    "modified": "2025-12-09T02:15:09.161Z",
    "type": "cve",
    "title": "Code Injection vulnerability in SAP Solution Manager",
    "source": "sap",
    "references": "https://me.sap.com/notes/3685270\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42880",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Solution Manager ST 720",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Solution Manager",
    "version": "ST 720",
    "vendor": "SAP_SE",
    "ai_description": "Code Injection vulnerability allowing authenticated attackers to insert malicious code and gain full system control",
    "ai_severity": "Critical",
    "ai_vendor": "SAP",
    "ai_product": "SAP Solution Manager",
    "ai_version": "ST 720",
    "ai_score": 9.9
}

💭 Join the Security Discussion ❌ Cancel Reply