CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-30014: Directory Traversal vulnerability in SAP Capital Yield Tax Management

7.7 CVSS

Description

SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don�t have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected.

Classification

CVE ID: CVE-2025-30014

CVSS Base Severity: HIGH

CVSS Base Score: 7.7

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem Types

CWE-35: Path Traversal

Affected Products

Vendor: SAP_SE

Product: SAP Capital Yield Tax Management

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.2% (probability of being exploited)

EPSS Percentile: 42.99% (scored less or equal to compared to others)

EPSS Date: 2025-05-07 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-30014
https://me.sap.com/notes/2927164
https://url.sap/sapsecuritypatchday

Timeline

2025-04-08 08:40:16 UTC
CVE

Directory Traversal vulnerability in SAP Capital Yield Tax Management