CVE-2025-27430: Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)

3.5 CVSS

Description

Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability.

Classification

CVE ID: CVE-2025-27430

CVSS Base Severity: LOW

CVSS Base Score: 3.5

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Problem Types

CWE-918: Server-Side Request Forgery (SSRF)

Affected Products

Vendor: SAP_SE

Product: SAP CRM and SAP S/4HANA (Interaction Center)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 4.16% (share of scored vulnerabilities with an equal or lower score)

EPSS Date: 2025-04-08 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-27430
https://me.sap.com/notes/3561861
https://url.sap/sapsecuritypatchday

Timeline