Privilege Escalation Vulnerability in SAP S4CORE Affecting Journal Entries
CVE-2025-42899

4.3MEDIUM

Key Information:

Vendor

SAP
Status
SAP S4core (manage Journal Entries)
Vendor
CVE Published:
11 November 2025

What is CVE-2025-42899?

A vulnerability in SAP S4CORE (Manage journal entries) allows authenticated users to bypass certain authorization checks. This flaw can lead to unauthorized privilege escalation, potentially enabling users to perform actions beyond their intended permissions, although it does not compromise the confidentiality, integrity, or availability of the application. It is crucial for organizations using this product to apply relevant security patches and monitor for updates to maintain secure operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP S4CORE (Manage Journal Entries) S4CORE 104

SAP S4CORE (Manage Journal Entries) 105

SAP S4CORE (Manage Journal Entries) 106

References

https://me.sap.com/notes/3530544
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.