Path Traversal Vulnerability in SAP Commerce Cloud by SAP
CVE-2025-42906
5.3 MEDIUM
What is CVE-2025-42906?
SAP Commerce Cloud has a path traversal vulnerability that allows unauthorized users to reach administrative web applications, such as the Administration Console, from addresses that were not intended to have access. The flaw can bypass configured access restrictions, potentially compromising confidentiality. Users should apply the appropriate security measures and updates to protect against it.
Affected Version(s)
SAP Commerce Cloud COM_CLOUD 2211
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved