Arbitrary Code Injection Vulnerability in SAP Landscape Transformation
CVE-2025-31330

9.9CRITICAL

Key Information:

Vendor: SAP
Status: SAP Landscape Transformation (analysis Platform)
Vendor: CVE Published:; 8 April 2025

Summary

SAP Landscape Transformation (SLT) contains a serious vulnerability that permits attackers with existing user privileges to exploit a flaw in the function module exposed via RFC. This security issue allows the injection of arbitrary ABAP code, thereby bypassing critical authorization checks. As a result, it creates a significant risk of unauthorized access, effectively acting as a backdoor into the system and jeopardizing its confidentiality, integrity, and availability.

Affected Version(s)

SAP Landscape Transformation (Analysis Platform) DMIS 2011_1_700

SAP Landscape Transformation (Analysis Platform) 2011_1_710

SAP Landscape Transformation (Analysis Platform) 2011_1_730

References

https://me.sap.com/notes/3587115

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Mar 27, 2025