CVE-2025-42876

Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger)

Description

Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could result in a high impact to confidentiality and a low impact to integrity, while availability remains unaffected.

INFO

Published Date :

2025-12-09T02:14:40.888Z

Last Modified :

2025-12-09T16:02:29.682Z

Source :

sap

AFFECTED PRODUCTS

The following products are affected by CVE-2025-42876 vulnerability.

Vendors	Products
Sap	Hana S/4 Hana

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-42876.

URL	Resource
https://me.sap.com/notes/3672151
https://url.sap/sapsecuritypatchday

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact