CVE-2025-43010 · HIGH 8.3 · EPSS p31.1%

Description

SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.

Scoring

CVSS 3.1: 8.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
EPSS: 0.40% probability of exploitation · percentile 31.1% · 2026-06-19T12:03:05Z
Published: 2025-05-13
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-94

References

  1. https://me.sap.com/notes/3600859
  2. https://url.sap/sapsecuritypatchday

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-42957
  2. CVE-2025-42880
  3. CVE-2025-42887
  4. CVE-2025-27429
  5. CVE-2025-42967
  6. CVE-2026-0488

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.