VDB

CISA-2025-42967

CISA-2025-42967 PUBLISHED CVSS 9.9 CRITICAL

Reported by sap · Published July 8, 2025

SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on confidentiality, integrity, and availability of the application.

Risk Scores

CVSS 3.1
9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)SCMAPO 713, 714, S4CORE 102
SAP_SESAP S/4HANA and SAP SCM (Characteristic Propagation)SCMAPO 713, S4CORE 102, 103

Timeline

  • Jul 8, 2025 CVE Published
  • Jul 9, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›