
CVE-2025-42998: Security misconfiguration vulnerability in SAP Business One Integration Framework


Description

The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages. This has a low impact on the confidentiality of the application; there is no impact on integrity or availability.

Classification

CVE ID: CVE-2025-42998

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-346: Origin Validation Error

Affected Products

Vendor: SAP_SE

Product: SAP Business One Integration Framework

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.95% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-21 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-42998
https://me.sap.com/notes/3594258
https://url.sap/sapsecuritypatchday
