SSRF Vulnerability in SAP CRM and S/4HANA Products by SAP
CVE-2025-27430
3.5 LOW
Key Information:
- Vendor: SAP
- CVE Published: 11 March 2025
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in SAP CRM and SAP S/4HANA, specifically in the Interaction Center module. This issue allows an attacker with minimal privileges to make unauthorized requests to internal network resources, potentially leading to exposure of sensitive information. The flaw compromises the confidentiality of the application but does not affect its integrity or availability. It is crucial for organizations utilizing these systems to address this vulnerability promptly to safeguard their data.
Affected Version(s)
SAP CRM and SAP S/4HANA (Interaction Center) S4CRM 100
SAP CRM and SAP S/4HANA (Interaction Center) 200
SAP CRM and SAP S/4HANA (Interaction Center) 204
CVSS V3.1
- Score: 3.5
- Severity: LOW
- Confidentiality: Low
- Integrity: None
- Availability: Low
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved