Input Validation Flaw in SAP ABAP Report Allows Database Table Deletion
CVE-2025-42929

8.1HIGH

Key Information:

Vendor: SAP
Status: SAP Landscape Transformation Replication Server
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-42929?

An input validation flaw in SAP ABAP Reports enables attackers with high privilege access to delete contents from arbitrary database tables. This vulnerability poses a significant risk when the targeted tables lack proper authorization group protection, potentially compromising database integrity and availability.

Affected Version(s)

SAP Landscape Transformation Replication Server DMIS 2011_1_620

SAP Landscape Transformation Replication Server 2011_1_640

SAP Landscape Transformation Replication Server 2011_1_700

References

https://me.sap.com/notes/3633002

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Apr 16, 2025