CVE-2025-42930
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-09

Assigner: SAP SE

Description
SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-09-09
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-42930
EUVD
EUVD-2025-27199
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sap business_planning_and_consolidation 3.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-606 The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in SAP Business Planning and Consolidation allows an authenticated standard user to invoke a function module with specially crafted parameters that cause a loop, which consumes excessive system resources and results in system unavailability.

Impact Analysis

The vulnerability impacts the availability of the SAP Business Planning and Consolidation application by causing excessive resource consumption and potentially making the system unavailable. There is no impact on confidentiality or integrity.

Compliance Impact

This vulnerability primarily affects system availability and does not impact confidentiality or integrity. Therefore, it does not directly affect compliance with standards and regulations focused on data protection such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-42930. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart