SAP Landscape Transformation Vulnerability in RFC Function Module
CVE-2025-42950

9.9CRITICAL

Key Information:

Vendor: SAP
Status: SAP Landscape Transformation (analysis Platform)
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-42950?

The vulnerability in SAP Landscape Transformation (SLT) permits an attacker with user privileges to exploit a flaw in the function module accessible via RFC. This vulnerability allows the injection of malicious ABAP code, bypassing crucial authorization checks. As a result, it acts as an entry point for potential full system compromise, jeopardizing the system's confidentiality, integrity, and availability.

Affected Version(s)

SAP Landscape Transformation (Analysis Platform) DMIS 2011_1_700

SAP Landscape Transformation (Analysis Platform) 2011_1_710

SAP Landscape Transformation (Analysis Platform) 2011_1_730

References

https://me.sap.com/notes/3633838

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 16, 2025