CVE-2025-42983 PUBLISHED

Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis

Assigner: sap
Reserved: 16.04.2025 Published: 10.06.2025 Updated: 10.06.2025

SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any data.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
CVSS Score: 8.5

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP Business Warehouse and SAP Plug-In Basis
Versions	Default: unaffected Version PI_BASIS 2006_1_700 is affected Version 701 is affected Version 702 is affected Version 731 is affected Version 740 is affected Version SAP_BW 750 is affected Version 751 is affected Version 752 is affected Version 753 is affected Version 754 is affected Version 755 is affected Version 756 is affected Version 757 is affected Version 758 is affected Version 914 is affected Version 915 is affected

CVE-2025-42983 PUBLISHED

Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis

Metrics

Product Status

References

Problem Types