CVE-2025-42894

CWE-22Path Traversal3 documents3 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 81.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business ConnectorSAP Business Connector
Timeline
PublishedNov 11

Description

Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system commands on the server, resulting in a complete compromise of the confidentiality, integrity, and availability of the affected system.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5sap_se/sap_business_connectorSAP BC 4.8

🔴Vulnerability Details

2
GHSA
GHSA-p996-cqr5-xw36: Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write,2025-11-11
CVEList
Path Traversal vulnerability in SAP Business Connector2025-11-11
CVE-2025-42894 (MEDIUM CVSS 6.8) | Due to a Path Traversal vulnerabili | cvebase.io