CVE-2025-27435

Name of the Vulnerable Software and Affected Versions: SAP Commerce (affected versions not specified)

Description: The issue allows an unauthenticated attacker to access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL under specific conditions and prerequisites. This could enable the attacker to use the disclosed coupon code, posing a low impact on the confidentiality and integrity of the application.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.