CVE-2025-42892

Name of the Vulnerable Software and Affected Versions SAP Business Connector (affected versions not specified)

Description An OS Command Injection issue exists in SAP Business Connector. An authenticated attacker with administrative access and adjacent network access can upload specially crafted content to the server. Processing this content allows execution of arbitrary operating system commands, potentially leading to a full compromise of the system’s confidentiality, integrity, and availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.