VDB

CISA-2025-42950

CISA-2025-42950 PUBLISHED CVSS 9.9 CRITICAL

Reported by sap · Published August 12, 2025

SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.

Risk Scores

CVSS 3.1
9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
SAP_SESAP Landscape Transformation (Analysis Platform)DMIS 2011_1_700, 2011_1_710, 2011_1_730
SAP_SESAP Landscape Transformation (Analysis Platform)DMIS 2011_1_700, 2011_1_730, 2011_1_752

Timeline

  • Aug 12, 2025 CVE Published
  • Aug 13, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›