CVE-2025-42930
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-09
Assigner: SAP SE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | business_planning_and_consolidation | 3.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-606 | The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in SAP Business Planning and Consolidation allows an authenticated standard user to invoke a function module with specially crafted parameters that cause a loop, which consumes excessive system resources and results in system unavailability.
How can this vulnerability impact me?
The vulnerability impacts the availability of the SAP Business Planning and Consolidation application by causing excessive resource consumption and potentially making the system unavailable. There is no impact on confidentiality or integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability primarily affects system availability and does not impact confidentiality or integrity. Therefore, it does not directly affect compliance with standards and regulations focused on data protection such as GDPR or HIPAA.