CVE-2025-42906 – Directory Traversal vulnerability in SAP Commerce Cloud

CVE ID : CVE-2025-42906

Published : Oct. 14, 2025, 1:15 a.m. | 1 hour, 24 minutes ago

Description : SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…