CVE-2025-27430 Information

Description

Under certain conditions an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources thereby compromising the application’s confidentiality. There is no impact on integrity or availability

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Reference

https://me.sap.com/notes/3561861 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

3.5