CVE-2025-42910
Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
14 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker could cause high impact on confidentiality, integrity and availability of the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected products
SAP_SE · SAP Supplier Relationship ManagementWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →