CVE-2025-43010 Information

Description

SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

Reference

https://me.sap.com/notes/3600859 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.3