CVE-2025-42989

{"id": "CVE-2025-42989", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 3.1}]}, "published": "2025-06-10T01:15:22.183", "references": [{"url": "https://me.sap.com/notes/3600840", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "RFC inbound processing\ufffddoes not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application."}, {"lang": "es", "value": "El procesamiento entrante de RFC no realiza las comprobaciones de autorizaci\u00f3n necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Si se explota con \u00e9xito, el atacante podr\u00eda afectar gravemente la integridad y la disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2025-06-12T16:06:39.330", "sourceIdentifier": "cna@sap.com"}