CVE-2025-42993

Name of the Vulnerable Software and Affected Versions SAP S/4HANA (affected versions not specified)

Description The issue is related to a missing authorization check in the Enterprise Event Enablement component. An attacker with access to the Inbound Binding Configuration can create an RFC destination and assign it to a high-privilege user, allowing for code execution under the privileges of the assigned user. This poses a significant risk to Confidentiality and Integrity, with a lower impact on Availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.