EUVD-2025-17603

CVE-2025-42983 HIGH
2025-06-10 [email protected]
8.5
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17603
CVE Published
Jun 10, 2025 - 01:15 nvd
HIGH 8.5

Description

SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any data.

Analysis

High-severity missing-authorization vulnerability in SAP Business Warehouse and SAP Plug-In Basis that allows authenticated attackers to drop arbitrary database tables, resulting in data loss or system unavailability. The vulnerability requires valid credentials but no user interaction, is reachable over the network, and carries a CVSS score of 8.5 with a changed scope. There is no confidentiality impact (the attacker cannot read data) and the integrity impact is rated low, but the availability impact is high, making this a critical integrity and availability threat for SAP deployments.

Technical Context

This vulnerability stems from improper authorization checks (CWE-862: Missing Authorization) in SAP Business Warehouse and SAP Plug-In Basis database interaction layers. The affected products lack adequate privilege validation when processing database table deletion commands, allowing authenticated users to escalate beyond their intended permissions. The vulnerability likely exists in the database connectivity components (DBConnect, RFC layers, or direct SQL execution paths) where table drop operations are not properly gated by role-based access controls. SAP Plug-In Basis, which provides foundational database abstraction and connectivity services, compounds the risk by propagating this flaw across multiple SAP applications that depend on it. The absence of confidentiality impact indicates the vulnerability specifically targets data modification/deletion operations rather than data disclosure mechanisms.

Affected Products

SAP Business Warehouse (all versions; specific version ranges not provided in input); SAP Plug-In Basis (all versions; specific version ranges not provided in input).

Affected deployments include:
(1) SAP BW systems using SAP Plug-In Basis for database connectivity;
(2) any downstream systems leveraging the SAP Plug-In Basis database abstraction;
(3) systems with RFC or direct database connectivity to compromised BW instances.

CPE data not provided in input, but affected CPE patterns would include: cpe:2.3:a:sap:business_warehouse:*:*:*:*:*:*:*:* and cpe:2.3:a:sap:pluginbasis:*:*:*:*:*:*:*:*.

Vendor advisory reference: SAP Security Bulletin (specific URL not provided in input; check the SAP Security Patches portal for CVE-2025-42983). Note: exact affected versions must be cross-referenced with official SAP patch documentation.

Remediation

Immediate actions:
(1) Apply the SAP security patches for Business Warehouse and Plug-In Basis published in the SAP Security Bulletins (CVE-2025-42983 patch release);
(2) Restrict database access credentials: apply the principle of least privilege, limiting user roles to the minimum permissions required for table operations;
(3) Audit database user privileges and remove unnecessary DROP TABLE permissions from application service accounts and standard user roles;
(4) Implement database-level controls: use DBMS role-based access controls to restrict DROP TABLE operations to DBAs only, not application accounts;
(5) Monitor database activity logs for unusual DROP TABLE commands from unexpected users or service accounts.

Workarounds (pending patch):
(1) Implement network-level restrictions limiting database access to trusted networks only;
(2) Apply database table encryption and backup strategies to minimize the impact of deletion;
(3) Enforce multi-factor authentication for privileged database access;
(4) Create read-only copies of critical tables for recovery purposes.

Patch availability: Check the SAP Patch Portal and the official Security Bulletins for release dates (exact dates not provided in input).

Priority Score

43
KEV: 0
EPSS: +0.1
CVSS: +42
POC: 0


EUVD-2025-17603 vulnerability details – vuln.today
