CVE-2025-42934
published 2025-08-12
medium 4.3 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the 'Trusted Sites' configuration by injecting line feed (LF) characters into application inputs. This vulnerability has a low impact on the application's integrity and no impact on confidentiality or availability.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_openipmi_2.0.33-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_openipmi_2.0.36-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_openipmi_2.0.32-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_openipmi_2.0.36-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| sap_se | sap_s_4hana | — | — |
| sap_se | sap_s_4hana | — | — |
| sap_se | sap_s_4hana | — | — |
| sap_se | sap_s_4hana | — | — |
| sap_se | sap_s_4hana | — | — |
| sap_se | sap_s_4hana | — | — |
| sap_se | sap_s_4hana | — | — |
| sap_se | sap_s_4hana | — | — |