CVE-2025-43003Exposed Dangerous Method or Function in SE SAP S 4hana

CWE-749Exposed Dangerous Method or Function3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.2%
top 55.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP S 4hana
Timeline
PublishedMay 13

Description

SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:LExploitability: 1.6 | Impact: 4.7

Affected Packages1 packages

CVEListV5sap_se/sap_s_4hana9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-c588-wghg-39q4: SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout di2025-05-13
CVEList
Information Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise)2025-05-13
CVE-2025-43003 — Exposed Dangerous Method or Function | cvebase