CVE-2025-42906: Path Traversal in SE SAP Commerce Cloud

CWE-22: Path Traversal (3 documents, 3 sources)
Severity: 5.3 MEDIUM (NVD)
EPSS: 0.1% (top 80.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 14

Description

SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (1 package)

CVEListV5 | sap_se/sap_commerce_cloud | COM_CLOUD 2211

Vulnerability Details (2)

CVEList: Directory Traversal vulnerability in SAP Commerce Cloud (2025-10-14)
GHSA: GHSA-rgqc-r9wh-cchg: SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from add (2025-10-14)
CVE-2025-42906 — Path Traversal | cvebase