CVE-2025-42947

SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be executed by the application. An attacker could thereby control the behaviour of the application causing high impact on integrity, low impact on availability and no impact on confidentiality of the application.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3540688
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

25 Jul 2025, 15:29

Type	Values Removed	Values Added
Summary		(es) El framework SAP FICA ODN permite a un usuario con privilegios elevados inyectar valor en la variable local, que la aplicación puede ejecutar. De esta forma, un atacante podría controlar el comportamiento de la aplicación, lo que afectaría gravemente su integridad, su disponibilidad y su confidencialidad.

23 Jul 2025, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-23 04:15

Updated : 2025-07-25 15:29

NVD link : CVE-2025-42947

Mitre link : CVE-2025-42947

CVE.ORG link : CVE-2025-42947

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

5.5 /10