CVE-2025-42965

Name of the Vulnerable Software and Affected Versions: SAP CMC Promotion Management (affected versions not specified)

Description: The issue allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analyzing response times for various IP addresses and ports, the attacker can infer valid network endpoints. This may lead to information disclosure, but it does not impact the integrity or availability of the application.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.