Directory Traversal Vulnerability in SAP S/4HANA - Bank Communication Management
CVE-2025-42946

6.9 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 12 August 2025

What is CVE-2025-42946?

A directory traversal vulnerability in SAP S/4HANA's Bank Communication Management allows a privileged attacker to access sensitive operating system files. By exploiting this vulnerability, the attacker could potentially read or delete critical files, thereby compromising the confidentiality of sensitive data. This issue underscores the importance of securing transaction methods to prevent unauthorized access to system internals.

Affected Version(s)

SAP S/4HANA (Bank Communication Management) SAP_APPL 606

SAP S/4HANA (Bank Communication Management) SAP_FIN 617

SAP S/4HANA (Bank Communication Management) 618

CVSS V3.1

Score: 6.9
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
