CVE-2025-42910

CVSS v3.1

9.0

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP Supplier Relationship Management (affected versions not specified)

Description SAP Supplier Relationship Management does not properly verify the type or content of uploaded files. This allows an authenticated attacker to upload arbitrary files, including potentially malicious executables. If these files are downloaded and executed by users, they could host malware, leading to severe security breaches impacting confidentiality, integrity, and availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2025-42910

Affected Products

Sap Supplier Relationship Management

CVE-2025-42910

Weakness Enumeration

Related Identifiers

Affected Products

References · 10