CVE-2025-42910Unrestricted File Upload in SE SAP Supplier Relationship Management

CWE-434Unrestricted File Upload3 documents3 sources
Severity
9.0CRITICALNVD
EPSS
0.0%
top 87.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Supplier Relationship Management
Timeline
PublishedOct 14

Description

Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker could cause high impact on confidentiality, integrity and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages1 packages

CVEListV5sap_se/sap_supplier_relationship_management150, SRMNXP01 100+1

🔴Vulnerability Details

2
GHSA
GHSA-m9f2-gpgf-6q7h: Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files2025-10-14
CVEList
Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management2025-10-14
CVE-2025-42910 — Unrestricted File Upload | cvebase