CVE-2025-42967CRITICAL 9.9EPSS p53.7%

CVE-2025-42967CVE-2025-42967

Description

SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.

Scoring

CVSS 3.19.9 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS0.86% probability of exploitation · percentile 53.7% · 2026-06-19T12:03:05Z
Published2025-07-08
Last modified2026-04-15

Underlying weaknesses· 1

CWE-94

References

  1. https://me.sap.com/notes/3618955
  2. https://url.sap/sapsecuritypatchday

1

TypeTargetConfidenceTier
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-42957
CVE
CVE-2025-43010
CVE
CVE-2025-27429
CVE
CVE-2025-42887
CVE
CVE-2025-42982
CVE
CVE-2025-42880
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.