CVE-2025-42916HIGH 8.1EPSS p15.9%

CVE-2025-42916CVE-2025-42916

Description

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
EPSS0.25% probability of exploitation · percentile 15.9% · 2026-06-18T12:00:27Z
Published2025-09-09
Last modified2026-04-15

Underlying weaknesses· 1

CWE-1287

References

  1. https://me.sap.com/notes/3635475
  2. https://url.sap/sapsecuritypatchday

1

TypeTargetConfidenceTier
WeaknessImproper Validation of Specified Type of Inputcwe-12870%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-42929
CVE
CVE-2025-42983
CVE
CVE-2026-44751
CVE
CVE-2026-24309
CVE
CVE-2026-27681
CVE
CVE-2026-24310
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.