CVE-2025-25243 – SAP Supplier Relationship Management (SRM) File Disclosure

The following table lists the changes that have been made to the CVE-2025-25243 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Feb. 11, 2025

    Action Type Old Value New Value
    Added Description SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction. This can reveal highly sensitive information with no impact to integrity or availability.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    Added CWE CWE-22
    Added Reference https://me.sap.com/notes/3567551
    Added Reference https://url.sap/sapsecuritypatchday

نوشته های مشابه

CVE-2024-27859 – Apple Web Content Arbitrary Code Execution Vulnerability

CVE-2025-26410 – Wattsense Bridge Hard-Coded Credentials Disclosure

CVE-2025-26411 – Wattsense Bridge Remote Code Execution Vulnerability

CVE-2024-45386 – Siemens SIMATIC PCS neo Session Hijacking Vulnerability