CVE-2025-42989 · CRITICAL 9.6 · EPSS p32.1%

Description

RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application.

Scoring

CVSS 3.1: 9.6 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
EPSS: 0.40% probability of exploitation · percentile 32.1% · 2026-06-19T12:03:05Z
Published: 2025-06-10
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-862

References

  1. https://me.sap.com/notes/3600840
  2. https://url.sap/sapsecuritypatchday

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Missing Authorization (cwe-862) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-30023
  2. CVE-2025-49181
  3. CVE-2025-1393
  4. CVE-2026-3999
  5. CVE-2026-23595
  6. CVE-2025-36890

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.