CVE-2025-26660 Information

Description

SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Reference

https://me.sap.com/notes/3557655
https://url.sap/sapsecuritypatchday

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.3

Base Severity

MEDIUM
