CVE-2025-42951
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-12
Assigner: SAP SE
Description
Description
Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.οΏ½As a result , it has a high impact on the confidentiality, integrity, and availability of the application.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | business_one | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by broken authorization in SAP Business One (SLD), which allows an authenticated attacker to gain administrator privileges on a database by using the related API.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain administrator privileges, leading to a high impact on the confidentiality, integrity, and availability of the affected application and its data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70