CVE-2025-25243

Name of the Vulnerable Software and Affected Versions: SAP Supplier Relationship Management (Master Data Management Catalog) version 7.52

Description: The issue allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction. This can reveal highly sensitive information with no impact to integrity or availability.

Recommendations: For version 7.52, consider disabling the publicly available servlet until a patch is available to prevent unauthorized file downloads. Restrict access to sensitive files and directories to minimize the risk of data exposure. As a temporary workaround, limit user interaction with the affected system to reduce the potential for exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.