CVE-2025-42991 – SAP S/4HANA Bank Account Application Authorization Bypass

CVE ID : CVE-2025-42991

Published : June 10, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated ‘approver’ user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…