File Upload Vulnerability in SAP Supplier Relationship Management
CVE-2025-42910
What is CVE-2025-42910?
CVE-2025-42910 is a vulnerability in SAP Supplier Relationship Management (SRM), a solution organizations use to manage supplier interactions and procurement processes. It stems from inadequate verification of file types or content, which allows authenticated users to upload arbitrary files. Such files may include executable programs, which pose significant risks when other users of the system subsequently download and execute them. Exploitation can severely compromise the confidentiality, integrity, and availability of the application, leading to potential data breaches and disruption of business operations. Organizations running SAP SRM could face critical challenges in safeguarding sensitive data and maintaining operational effectiveness because of this flaw.
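As an added illustration (not SAP's code and not the content of the vendor fix), the sketch below shows the kind of file-type and content verification whose absence the description names: an extension allowlist combined with a check of the file's leading bytes, so that an executable renamed to a permitted extension is still refused. The allowlist, the magic-byte table and the function name `check_upload` are assumptions made for this example.

```python
import os

# Assumed policy: permitted extensions and the leading bytes each must carry.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
}

# Leading bytes of common executable formats, refused whatever the name claims.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE",
    b"\x7fELF": "ELF",
    b"\xcf\xfa\xed\xfe": "Mach-O",
    b"\xfe\xed\xfa\xcf": "Mach-O",
    b"\xca\xfe\xba\xbe": "Mach-O fat binary or Java class",
    b"#!": "script with shebang",
}

def check_upload(filename, content):
    """Return (accepted, reason) for one uploaded file."""
    # Drop any client-supplied path; Windows ignores trailing dots and spaces.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    if not name or "\x00" in name:
        return False, "invalid file name"
    ext = os.path.splitext(name)[1].lower()   # only the final extension counts
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not allowed"
    for magic, kind in EXECUTABLE_MAGIC.items():
        if content.startswith(magic):
            return False, f"content is executable ({kind})"
    if not content.startswith(ALLOWED[ext]):
        return False, f"content does not match {ext}"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample uploads (file name, first bytes of the body).
    samples = [
        ("invoice.pdf", b"%PDF-1.7\n"),
        ("update.exe.pdf", b"MZ\x90\x00"),
        ("invoice.pdf.exe", b"%PDF-1.7\n"),
        ("scan.png", b"%PDF-1.7\n"),
    ]
    for fname, body in samples:
        print(fname, check_upload(fname, body))
```

A leading-bytes check does not detect macro-laden documents or polyglot files, so it narrows what can be stored rather than replacing malware scanning of attachments.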
Potential impact of CVE-2025-42910
- Data Breaches: The ability for attackers to upload malicious files can enable unauthorized access to sensitive data, leading to potential data breaches that affect organizational confidentiality and compliance with data protection regulations.
- Malware Distribution: If the uploaded malicious files are executed, malware can spread throughout the organization’s network, increasing the risk of broader cyber threats and exploitation.
- Operational Disruption: The exploitation of this vulnerability could disrupt essential procurement and supplier management processes, impacting day-to-day operations and overall business continuity, which may result in financial losses and reputational damage.
Affected Version(s)
SAP Supplier Relationship Management SRMNXP01 100
SAP Supplier Relationship Management 150
News Articles
SAP fixed maximum-severity bug in NetWeaver
SAP addressed 13 new flaws, including a maximum severity vulnerability in SAP NetWeaver, which could lead to arbitrary command execution.