Privilege Escalation Vulnerability in SAP HCM My Timesheet Fiori Application
CVE-2025-42914

3.1LOW

Key Information:

Vendor: SAP
Status: SAP Hcm (my Timesheet Fiori 2.0 Application)
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-42914?

An identified issue in the SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with extensive system knowledge to bypass authorization checks. This vulnerability permits the escalation of privileges, granting unauthorized access to restricted functionalities, thereby compromising the integrity of the application. Although the overall impact on confidentiality and availability is limited, it poses potential risks if exploited. Regular patch management and system audits are advisable to mitigate such vulnerabilities.

Affected Version(s)

SAP HCM (My Timesheet Fiori 2.0 application) GBX01HR5 605

References

https://me.sap.com/notes/3635587

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Apr 16, 2025