
CVE-2025-43008: Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

5.8 CVSS

Description

Due to a missing authorization check, an unauthorized user can view the files of another company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.

Classification

CVE ID: CVE-2025-43008

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.8

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Problem Types

CWE-862: Missing Authorization

Affected Products

Vendor: SAP_SE

Product: SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 8.52% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-11 (when this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-43008
https://me.sap.com/notes/3585992
https://url.sap/sapsecuritypatchday

Timeline