Information Disclosure Vulnerability in SAP Promotion Management Wizard
CVE-2025-43000

7.9HIGH

Key Information:

Vendor: SAP
Status: Promotion Management Wizard
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-43000?

The SAP Promotion Management Wizard contains a vulnerability that allows an unauthorized attacker to gain access to sensitive information under certain conditions. This breach results in a compromise of data confidentiality while maintaining low impact on the integrity and availability of the application. Organizations using this tool are advised to apply relevant security patches to mitigate potential risks associated with this vulnerability.

References

https://me.sap.com/notes/3586013

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

7.9

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 13, 2025