Authorization Vulnerability in SAP S/4HANA Manage Central Purchase Contract
CVE-2025-42984

5.4 MEDIUM

What is CVE-2025-42984?

A security flaw exists in SAP S/4HANA Manage Central Purchase Contract where necessary authorization checks are not enforced for authenticated users. This weakness allows an attacker to execute function imports on the affected entities, potentially leading to unauthorized alterations and actions being performed. Although this vulnerability has implications for data access, its impact on the overall confidentiality and availability of the application is limited.

Affected Version(s)

SAP S/4HANA (Manage Central Purchase Contract application) S4CORE 106

SAP S/4HANA (Manage Central Purchase Contract application) 107

SAP S/4HANA (Manage Central Purchase Contract application) 108

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
