CVE-2025-42910

critical

Description

Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker could cause high impact on confidentiality, integrity and availability of the application.

References

https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-netweaver-print-service-srm/

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3647332

Details

Source: Mitre, NVD

Published: 2025-10-14

Updated: 2025-10-14

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00039