User Enumeration Vulnerability in SAP Financial Service Claims Management
CVE-2025-42903

4.3 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 14 October 2025

What is CVE-2025-42903?

A flaw in the RFC function ICL_USER_GET_NAME_AND_ADDRESS within SAP Financial Service Claims Management permits user enumeration: discrepancies in response handling allow unauthorized users to potentially disclose personal data. This weakness poses a risk to the confidentiality of sensitive information and calls for security enhancements to mitigate data exposure.

Affected Version(s)

SAP Financial Service Claims Management INSURANCE 803

SAP Financial Service Claims Management 804

SAP Financial Service Claims Management 805

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved