File Download Vulnerability in SAP Supplier Relationship Management
CVE-2025-25243
8.6HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 11 February 2025
What is CVE-2025-25243?
A vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to exploit a publicly accessible servlet. This enables the attacker to download arbitrary files from the network without any user interaction. The exploitation of this vulnerability can lead to the exposure of highly sensitive information, posing significant risks to data privacy and security.
Affected Version(s)
SAP Supplier Relationship Management (Master Data Management Catalog) SRM_MDM_CAT 7.52