CVE-2025-42880
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: SAP SE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | solution_manager | 3.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists because SAP Solution Manager does not properly sanitize input, allowing an authenticated attacker to insert malicious code when calling a remote-enabled function module. This can lead to the attacker gaining full control over the system.
How can this vulnerability impact me?
The vulnerability can have a high impact on the confidentiality, integrity, and availability of the system, potentially allowing an attacker to fully control the affected SAP Solution Manager system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an attacker to gain full control over the system, impacting confidentiality, integrity, and availability of data. Such a compromise could lead to violations of compliance requirements under standards like GDPR and HIPAA, which mandate protection of sensitive data and system integrity. However, specific impacts on compliance are not detailed in the provided resources.