VDB
CISA-2025-42967
CISA-2025-42967
PUBLISHED
CVSS 9.9 CRITICAL
Reported by sap · Published July 8, 2025
SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.
Risk Scores
CVSS 3.1
9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP_SE | SAP S/4HANA and SAP SCM (Characteristic Propagation) | SCMAPO 713, 714, S4CORE 102 |
| SAP_SE | SAP S/4HANA and SAP SCM (Characteristic Propagation) | SCMAPO 713, S4CORE 102, 103 |
Timeline
- Jul 8, 2025 CVE Published
- Jul 9, 2025 CVE Updated