Local Variable Injection Vulnerability in SAP FICA ODN Framework
CVE-2025-42947

5.5 MEDIUM

Key Information:

Vendor: SAP

CVE Published: 23 July 2025

What is CVE-2025-42947?

The SAP FICA ODN framework has a vulnerability that allows users with high privileges to inject malicious values into local variables. This can lead to unexpected application behavior, compromising the integrity of the application. Although the availability of the application remains largely unaffected, the flaw opens a pathway for attackers to manipulate application functions, which poses significant risks to business operations. Organizations using this framework should assess their security posture and apply the recommended patches to mitigate potential risks.

Affected Version(s)

SAP FICA ODN framework SAPSCORE 132

SAP FICA ODN framework S4CORE 102

SAP FICA ODN framework 103

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
