Information Disclosure Vulnerability in SAP Business One by SAP
CVE-2025-42897

5.3 MEDIUM

Key Information:

Vendor: SAP

CVE Published: 11 November 2025

What is CVE-2025-42897?

An information disclosure vulnerability exists in the anonymous API of SAP Business One (SLD), enabling attackers with standard user access to retrieve sensitive information without proper authorization. While this flaw affects the confidentiality of the application, it does not compromise its integrity or availability, highlighting the need for timely patching and user awareness to safeguard sensitive data.

Affected Version(s)

SAP Business One (SLD) B1_ON_HANA 10.0

SAP Business One (SLD) SAP-M-BO 10.0

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
