← back
CVE-2025-27435

Information Disclosure Vulnerability in SAP Commerce Cloud

CVSS 4.2 MEDIUMEPSS 0.2%CWE-862
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.2EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and integrity of the application.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected products
SAP_SE · SAP Commerce Cloud

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://me.sap.com/notes/3539465https://url.sap/sapsecuritypatchday