Directory Traversal Vulnerability in SAP Print Service by SAP
CVE-2025-42937

9.8CRITICAL

Key Information:

Vendor: SAP
Status: SAP Print Service
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-42937?

An incomplete validation of user-provided path information in SAP Print Service allows unauthenticated attackers to exploit the service. By traversing to the parent directory, it is possible for them to overwrite critical system files, leading to significant compromises in application confidentiality, integrity, and availability. Organizations utilizing SAP Print Service should apply the recommended security patches to mitigate risks associated with this vulnerability.

Affected Version(s)

SAP Print Service SAPSPRINT 8.00

SAP Print Service 8.10

References

https://me.sap.com/notes/3630595

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Apr 16, 2025

JSON