CVE-2025-42916
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-09
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | abap | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because of missing input validation in ABAP reports. An attacker who already has high privilege access to these reports can delete the content of arbitrary database tables, provided those tables are not protected by an authorization group.
How can this vulnerability impact me? :
The vulnerability can lead to a high impact on the integrity and availability of the database by allowing deletion of data. However, it does not affect the confidentiality of the data.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that database tables are protected by appropriate authorization groups to prevent unauthorized deletion. Limit high privilege access to ABAP reports only to trusted users and review input validation mechanisms in the ABAP reports to prevent deletion of arbitrary database tables.