Skip to main content

SAP EUVDEUVD-2025-20349

| CVE-2025-42960 MEDIUM
Missing Authorization (CWE-862)
2025-07-08 cna@sap.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 04:21 euvd
EUVD-2025-20349
Analysis Generated
Mar 16, 2026 - 04:21 vuln.today
CVE Published
Jul 08, 2025 - 01:15 nvd
MEDIUM 4.3

DescriptionCVE.org

SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentiality and availability of the application.

AnalysisAI

CVE-2025-42960 is a security vulnerability (CVSS 4.3) that allows an authenticated attacker. Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-862 (Missing Authorization).

RemediationAI

Monitor vendor channels for patch availability.

Share

EUVD-2025-20349 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy