CVE-2025-42933
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-09

Assigner: SAP SE

Description
When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within http response body. As a result, it has a high impact on the confidentiality, integrity, and availability of the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-09-09
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-14
NVD
CVE-2025-42933
EUVD
EUVD-2025-27198
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sap sap_business_one *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs when a user logs in via the SAP Business One native client. The SLD backend service does not properly enforce encryption on certain APIs, which causes sensitive credentials to be exposed within the HTTP response body.

Impact Analysis

The vulnerability can have a high impact on the confidentiality, integrity, and availability of the application, potentially allowing attackers to access sensitive credentials and compromise the system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-42933. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart