CVE-2025-25243

Path traversal vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)

Description

SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction. This can reveal highly sensitive information with no impact to integrity or availability.

INFO

Published Date :

2025-02-11T00:38:02.558Z

Last Modified :

2025-02-18T18:03:33.640Z

Source :

sap

AFFECTED PRODUCTS

The following products are affected by CVE-2025-25243 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-25243.

URL	Resource
https://me.sap.com/notes/3567551
https://url.sap/sapsecuritypatchday

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact