What is the CVSS score of CVE-2025-42984?

CVE-2025-42984 has a CVSS 3.1 base score of 5.4 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L. EPSS exploitation probability: 0.1%.

Which versions of SAP are affected by CVE-2025-42984?

CVE-2025-42984 presents moderate security risk, a missing authorization vulnerability rated CVSS 5.4. Attackers could gain access beyond their authorized level.

How to fix or mitigate CVE-2025-42984?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

SAP CVE-2025-42984

EUVD-2025-17602 MEDIUM

Missing Authorization (CWE-862)

2025-06-10 cna@sap.com

Authentication Bypass SAP

5.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17602

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

CVE Published

Jun 10, 2025 - 01:15 nvd

MEDIUM 5.4

DescriptionNVD

SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality and availability of the application.

AnalysisAI

CVE-2025-42984 is a security vulnerability (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-862 (Missing Authorization).

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-42984 vulnerability details – vuln.today

Back