Directory Traversal Vulnerability in SAP S/4HANA - Bank Communication Management
CVE-2025-42946

6.9MEDIUM

Key Information:

Vendor: SAP
Status: SAP S/4hana (bank Communication Management)
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-42946?

A directory traversal vulnerability in SAP S/4HANA's Bank Communication Management allows a privileged attacker to access sensitive operating system files. By exploiting this vulnerability, the attacker could potentially read or delete critical files, thereby compromising the confidentiality of sensitive data. This issue underscores the importance of securing transaction methods to prevent unauthorized access to system internals.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP S/4HANA (Bank Communication Management) SAP_APPL 606

SAP S/4HANA (Bank Communication Management) SAP_FIN 617

SAP S/4HANA (Bank Communication Management) 618

References

https://me.sap.com/notes/3614804

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

SAP

What is CVE-2025-42946?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.