CVE-2025-42930

CWE-6063 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 74.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Business Planning AND Consolidation
Timeline
PublishedSep 9

Description

SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation2025-09-09
GHSA
GHSA-h5jh-jx39-4794: SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a2025-09-09
CVE-2025-42930 (MEDIUM CVSS 6.5) | SAP Business Planning and Consolida | cvebase.io