Privilege Escalation Vulnerability in SAP Cloud Appliance Library Appliances
CVE-2025-42909

3LOW

Key Information:

Vendor: SAP
Status: SAP Cloud Appliance Library Appliances
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-42909?

A privilege escalation vulnerability exists within SAP Cloud Appliance Library Appliances, allowing attackers with high-level privileges to exploit a default profile configuration in SAP S/4HANA. This misconfiguration enables unauthorized access to other SAP CAL appliances, potentially impacting user data. While this vulnerability has limited implications for confidentiality, it raises concerns regarding the overall security posture of affected systems and necessitates prompt remediation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP Cloud Appliance Library Appliances TITANIUM_WEBAPP 4.0

References

https://me.sap.com/notes/3643871

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

SAP