CVE-2025-42892OS Command Injection in SE SAP Business Connector

CWE-78OS Command Injection3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 71.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business ConnectorSAP Business Connector
Timeline
PublishedNov 11

Description

Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5sap_se/sap_business_connectorSAP BC 4.8

🔴Vulnerability Details

2
GHSA
GHSA-39xf-8w3x-39j6: Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network acce2025-11-11
CVEList
OS Command Injection vulnerability in SAP Business Connector2025-11-11
CVE-2025-42892 — OS Command Injection | cvebase