Security Advisory

CVE-2025-42876

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-09 02:14:40

Last updated 2025-12-09 16:02:29

Assigner sap

State PUBLISHED

Description

Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could result in a high impact to confidentiality and a low impact to integrity, while availability remains unaffected.

← Browse all CVEs View on cve.org ↗