Input Validation Flaw in SAP ABAP Reports Affects Database Integrity
CVE-2025-42916

8.1HIGH

Key Information:

Vendor: SAP
Status: SAP S/4hana (private Cloud Or On-premise)
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-42916?

An input validation vulnerability allows attackers with high privilege access to SAP ABAP reports to delete content from arbitrary database tables if those tables lack proper authorization group protections. This weakness can severely compromise the integrity and availability of the database, posing significant risks to data management and operational capabilities.

Affected Version(s)

SAP S/4HANA (Private Cloud or On-Premise) S4CORE 102

SAP S/4HANA (Private Cloud or On-Premise) 103

SAP S/4HANA (Private Cloud or On-Premise) 104

References

https://me.sap.com/notes/3635475

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Apr 16, 2025