CVE-2025-43008

Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.

CVSS v3 5.8 MEDIUM

5.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3585992
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

13 May 2025, 19:35

Type	Values Removed	Values Added
Summary		(es) Debido a la falta de verificación de autorización, un usuario no autorizado puede acceder a los archivos de otra empresa. Esto podría conllevar la divulgación de datos personales de los empleados. Esto no afecta la integridad ni la disponibilidad.

13 May 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-13 01:15

Updated : 2025-05-13 19:35

NVD link : CVE-2025-43008

Mitre link : CVE-2025-43008

CVE.ORG link : CVE-2025-43008

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

5.8 /10