
CVE-2025-42984: Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application)

5.4 CVSS

Description

SAP S/4HANA Manage Central Purchase Contract does not perform the necessary authorization checks for an authenticated user. As a result, an attacker could execute the function import on the entity, making it inaccessible for an unrestricted user. This has a low impact on the confidentiality and availability of the application.

Classification

CVE ID: CVE-2025-42984

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Problem Types

CWE-862: Missing Authorization

Affected Products

Vendor: SAP_SE

Product: SAP S/4HANA (Manage Central Purchase Contract application)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 8.36% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-13 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-42984
https://me.sap.com/notes/3441087
https://url.sap/sapsecuritypatchday

Timeline