Authorization Bypass in Fiori App Manage Payment Blocks by SAP
CVE-2025-42915

5.4 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 9 September 2025

What is CVE-2025-42915?

The Fiori app Manage Payment Blocks by SAP is vulnerable due to the lack of adequate authorization checks. This flaw allows users with basic privileges to access functionalities that should be restricted to higher-privileged user groups. As a result, this vulnerability poses risks to both the confidentiality and integrity of sensitive information within the application, while not affecting its overall availability. Organizations using this app need to implement necessary security measures to ensure proper access controls are enforced.

Affected Version(s)

Fiori app (Manage Payment Blocks) S4CORE 107

Fiori app (Manage Payment Blocks) 108

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
