Database Query Execution Vulnerability in SAP Starter Solution
CVE-2025-42889

5.4 MEDIUM

Key Information:

Vendor: SAP

CVE Published: 11 November 2025

What is CVE-2025-42889?

The SAP Starter Solution has a vulnerability that permits authenticated attackers to execute specially crafted database queries. Exploitation can lead to unauthorized access to the back-end database, potentially exposing sensitive data. The issue may compromise the confidentiality and integrity of the application but does not affect availability: attackers can manipulate the database without directly interrupting services.

Affected Version(s)

SAP Starter Solution (PL SAFT) SAP_APPL 600

SAP Starter Solution (PL SAFT) 602

SAP Starter Solution (PL SAFT) 603

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
