← back
CVE-2025-42960

Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx Tools

CVSS 4.3 MEDIUMEPSS 0.2%CWE-862
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentiality and availability of the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected products
SAP_SE · SAP Business Warehouse and SAP BW/4HANA BEx Tools

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://me.sap.com/notes/3608991https://url.sap/sapsecuritypatchday