Broken Authorization in SAP Business One by SAP
CVE-2025-42951

8.8HIGH

Key Information:

Vendor: SAP
Status: SAP Business One (sld)
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-42951?

An authentication flaw in SAP Business One (SLD) enables attackers to exploit broken authorization processes. By utilizing specific APIs, authenticated users can obtain unauthorized administrative privileges, posing a serious risk to the application's confidentiality, integrity, and availability. This vulnerability could lead to severe data breaches, affecting sensitive business information and operations.

Affected Version(s)

SAP Business One (SLD) B1_ON_HANA 10.0

SAP Business One (SLD) SAP-M-BO 10.0

References

https://me.sap.com/notes/3625403

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 16, 2025