← voltar
CVE-2025-42910

Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management

CVSS 9 CRITICALEPSS 0.4%CWE-434
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker could cause high impact on confidentiality, integrity and availability of the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
SAP_SE · SAP Supplier Relationship Management

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3647332https://url.sap/sapsecuritypatchday