CVE-2025-42899

Missing Authorization check in SAP S4CORE (Manage Journal Entries)

Description

SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application.

INFO

Published Date :

2025-11-11T00:20:03.667Z

Last Modified :

2025-11-12T20:09:49.885Z

Source :

sap

AFFECTED PRODUCTS

The following products are affected by CVE-2025-42899 vulnerability.

Vendors	Products
Sap	S4core

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-42899.

URL	Resource
https://me.sap.com/notes/3530544
https://url.sap/sapsecuritypatchday

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact