CVE-2025-42993
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-06-12
Assigner: SAP SE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing authorization check in SAP S/4HANA's Enterprise Event Enablement. An attacker who has access to the Inbound Binding Configuration can create an RFC destination and assign it to any high-privilege user. This enables the attacker to consume events through the RFC destination and execute code with the privileges of that high-privilege user.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized code execution with high-privilege user rights, which poses a significant risk to the confidentiality and integrity of your system. Although the impact on availability is low, attackers could potentially access sensitive information or alter data, compromising system security.