Database Manipulation Vulnerability in SAP Business Warehouse and Plug-In Basis
CVE-2025-42983

8.5HIGH

Key Information:

Vendor: SAP
Status: SAP Business Warehouse And SAP Plug-in Basis
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-42983?

An authentication flaw in SAP Business Warehouse and SAP Plug-In Basis permits an authenticated attacker to execute unauthorized database operations. By exploiting this vulnerability, attackers have the capability to drop arbitrary tables within the SAP database, leading to potential data loss and system unavailability. While this breach enables the deletion of database entries, it does not grant access to read the existing data, posing significant risks to the integrity and availability of vital information.

Affected Version(s)

SAP Business Warehouse and SAP Plug-In Basis PI_BASIS 2006_1_700

SAP Business Warehouse and SAP Plug-In Basis 701

SAP Business Warehouse and SAP Plug-In Basis 702

References

https://me.sap.com/notes/3606484

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 16, 2025