CVE-2025-42939

Name of the Vulnerable Software and Affected Versions SAP S/4HANA (affected versions not specified)

Description An authenticated attacker with basic privileges can delete conditions from any shared rule of any user by manipulating the request parameter. This is due to a missing authorization check, which allows the attacker to delete shared rule conditions that should be restricted, compromising the integrity of the application. The affected component is Manage Processing Rules - For Bank Statements.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.