Authorization Bypass in SAP S4CORE OData Allows Access to Restricted Information
CVE-2025-43002

4.3 MEDIUM

Key Information:

Vendor: SAP

CVE Published: 13 May 2025

What is CVE-2025-43002?

The SAP S4CORE OData service is vulnerable to an authorization bypass that allows authenticated users to access restricted metadata properties without the necessary checks. This flaw poses a risk to the confidentiality of sensitive information, as it can be exploited to reveal data that should be securely protected. It is recommended that affected users implement the necessary patches to mitigate this vulnerability and safeguard their systems.

Affected Version(s)

SAP S4/HANA (OData meta-data property) S4CORE 102

SAP S4/HANA (OData meta-data property) 103

SAP S4/HANA (OData meta-data property) 104

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
