CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
Description (NVD)
SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any data.
Analysis (AI)
High-severity missing-authorization vulnerability in SAP Business Warehouse and SAP Plug-In Basis that allows an authenticated attacker to drop arbitrary database tables, resulting in data loss or system unavailability. The vulnerability requires valid credentials (PR:L) but no user interaction (UI:N), is reachable over the network (AV:N), and carries a CVSS score of 8.5. Confidentiality impact is none (the attacker cannot read data) and integrity impact is low, but availability impact is high, making this a serious availability and integrity threat for SAP deployments.
Technical Context (AI)
This vulnerability stems from improper authorization checks (CWE-862: Missing Authorization) in SAP Business Warehouse and SAP Plug-In Basis database interaction layers. The affected products lack adequate privilege validation when processing database table deletion commands, allowing authenticated users to escalate beyond their intended permissions. The vulnerability likely exists in the database connectivity components (DBConnect, RFC layers, or direct SQL execution paths) where table drop operations are not properly gated by role-based access controls. SAP Plug-In Basis, which provides foundational database abstraction and connectivity services, compounds the risk by propagating this flaw across multiple SAP applications that depend on it. The absence of confidentiality impact indicates the vulnerability specifically targets data modification/deletion operations rather than data disclosure mechanisms.
Remediation (AI)
Immediate actions:
(1) Apply the SAP security patches for Business Warehouse and Plug-In Basis published in the SAP Security Bulletins (the CVE-2025-42983 patch release).
(2) Restrict database access credentials: apply the principle of least privilege, limiting user roles to the minimum permissions required for table operations.
(3) Audit database user privileges and remove unnecessary DROP TABLE permissions from application service accounts and standard user roles.
(4) Implement database-level controls: use DBMS role-based access controls to restrict DROP TABLE operations to DBAs only, not application accounts.
(5) Monitor database activity logs for unusual DROP TABLE commands issued by unexpected users or service accounts.

Workarounds (pending patch):
(1) Implement network-level restrictions limiting database access to trusted networks only.
(2) Apply database table encryption and backup strategies to minimize the impact of deletion.
(3) Enforce multi-factor authentication for privileged database access.
(4) Create read-only copies of critical tables for recovery purposes.

Patch availability: check the SAP Patch Portal and official Security Bulletins for release dates (exact dates are not given here).
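As an added example of the monitoring step above (not code from vuln.today or SAP), the following script scans database audit log lines for DROP TABLE statements issued by accounts outside a DBA allowlist. The log line format, the account names and the allowlist are constructed assumptions for illustration; a real deployment would adapt the parser to its DBMS audit format.

```python
import re
from dataclasses import dataclass

# Constructed sample audit log lines. The format is an assumption for this
# example, not an actual SAP or DBMS audit log format.
SAMPLE_LOG = """\
2025-06-10T08:01:12Z user=DBA_OPS client=000 stmt=DROP TABLE ZTMP_LOAD_0610
2025-06-10T08:03:44Z user=BW_REPORT client=100 stmt=SELECT COUNT(*) FROM RSDCUBE
2025-06-10T08:04:01Z user=BW_REPORT client=100 stmt=drop table RSDCUBE
2025-06-10T08:04:02Z user=SAPSERVICE client=100 stmt=DROP   TABLE  RSDIOBJ
2025-06-10T08:05:30Z user=DBA_OPS client=000 stmt=DROP TABLE ZTMP_LOAD_0611
"""

# Accounts permitted to drop tables (assumed allowlist; tune per deployment).
DBA_ALLOWLIST = {"DBA_OPS"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) client=(?P<client>\S+) stmt=(?P<stmt>.*)$"
)
# Case-insensitive match that tolerates extra whitespace between keywords.
DROP_RE = re.compile(r"^\s*DROP\s+TABLE\s+(?P<table>[A-Za-z0-9_/]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    timestamp: str
    user: str
    client: str
    table: str


def parse_line(line):
    """Return the fields of one audit line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_unexpected_drops(log_text, allowlist=DBA_ALLOWLIST):
    """Return DROP TABLE events whose issuing account is not on the allowlist."""
    allowed = {a.upper() for a in allowlist}
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        drop = DROP_RE.match(rec["stmt"])
        if drop is None or rec["user"].upper() in allowed:
            continue
        findings.append(Finding(rec["ts"], rec["user"], rec["client"], drop.group("table")))
    return findings


if __name__ == "__main__":
    for f in find_unexpected_drops(SAMPLE_LOG):
        print(f"ALERT {f.timestamp} user={f.user} client={f.client} dropped {f.table}")
```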
EUVD-2025-17603