CVE-2025-42951: Incorrect Authorization in SE SAP Business ONE

Severity: 8.8 HIGH (NVD)
EPSS: 0.1% (top 81.26%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 12

Description

Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API. As a result, it has a high impact on the confidentiality, integrity, and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

CVEListV5 | sap_se/sap_business_one | B1_ON_HANA 10.0, SAP-M-BO 10.0 (+1)

Vulnerability Details (2)

CVEList: Broken Authorization in SAP Business One (SLD) (2025-08-12)
GHSA: GHSA-7hc9-w8q3-pjpj: Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the co (2025-08-12)