CVE-2025-42933 · HIGH 8.8 · EPSS p16.8%


Description

When a user logs in via the SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials in the HTTP response body. As a result, it has a high impact on the confidentiality, integrity, and availability of the application.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.26% probability of exploitation · percentile 16.8% · 2026-06-19T12:03:05Z
Published: 2025-09-09
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-522

References

  1. https://me.sap.com/notes/3642961
  2. https://url.sap/sapsecuritypatchday


Type: Weakness
Target: Insufficiently Protected Credentials (cwe-522)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-42951
CVE-2026-44743
CVE-2025-42982
CVE-2025-42953
CVE-2025-42957
CVE-2025-42964

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.