Unauthorized Field Access in SAP S/4HANA by Authenticated Users
CVE-2025-43003

6.4 MEDIUM

Key Information:

Vendor: SAP

CVE Published: 13 May 2025

What is CVE-2025-43003?

SAP S/4HANA contains a vulnerability that allows authenticated users with certain privileges to manipulate UI elements and display sensitive fields that should be restricted. This compromises the confidentiality of sensitive information within the application and may expose critical data. The flaw underlines the need for robust access control mechanisms and timely software updates to limit unauthorized data exposure. Users are urged to review their security configurations and apply the necessary patches to protect against this vulnerability.

Affected Version(s)

SAP S/4HANA (Private Cloud & On-Premise) S4CRM 204

SAP S/4HANA (Private Cloud & On-Premise) 205

SAP S/4HANA (Private Cloud & On-Premise) 206

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published