CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-42987: Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement)

4.3 CVSS

Description

SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of the application.

Classification

CVE ID: CVE-2025-42987

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem Types

CWE-862: Missing Authorization

Affected Products

Vendor: SAP_SE

Product: SAP S/4HANA (Manage Processing Rules - For Bank Statement)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.59% (scored less or equal to compared to others)

EPSS Date: 2025-06-13 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-42987
https://me.sap.com/notes/3596850
https://url.sap/sapsecuritypatchday

Timeline

2025-06-10 03:40:14 UTC
CVE

Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement)