CVE-2025-25243 Information

Description

SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction. This can reveal highly sensitive information with no impact to integrity or availability.

Reference

https://me.sap.com/notes/3567551 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday