CVE-2025-25243 — Path Traversal in SE SAP Supplier Relationship Management
Severity
8.6 HIGH (NVD)
EPSS
0.3%
top 50.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 11
Description
SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction. This can reveal highly sensitive information with no impact to integrity or availability.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 4.0
Affected Packages
1 package
Vulnerability Details (2)
CVEList
Path traversal vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)
2025-02-11
GHSA
GHSA-2c76-qm2v-h37j: SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to downlo
2025-02-11