CVE-2025-43009

SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/2491817
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

13 May 2025, 19:35

Type	Values Removed	Values Added
Summary		(es) SAP Service Parts Management (SPM) no realiza las comprobaciones de autorización necesarias para un usuario autenticado, lo que permite a un atacante escalar privilegios. Esto tiene un impacto mínimo en la confidencialidad, la integridad y la disponibilidad de la aplicación.

13 May 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-13 01:15

Updated : 2025-05-13 19:35

NVD link : CVE-2025-43009

Mitre link : CVE-2025-43009

CVE.ORG link : CVE-2025-43009

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

6.3 /10