Security Misconfiguration in Production Operator Dashboards from SAP
CVE-2025-43004

5.3MEDIUM

Key Information:

Vendor

SAP
Status
SAP Digital Manufacturing (production Operator Dashboard)
Vendor
CVE Published:
13 May 2025

What is CVE-2025-43004?

A security misconfiguration vulnerability in SAP's Production Operator Dashboards enables unauthenticated users to potentially access customer data. This flaw arises from inadequate authentication mechanisms, allowing unauthorized individuals to view non-sensitive information displayed on the dashboards. Organizations must be aware that while this vulnerability permits data visibility, it does not compromise data integrity or availability.

Affected Version(s)

SAP Digital Manufacturing (Production Operator Dashboard) CTNR-DME-PODFOUNDATION-MS 1.0

References

https://me.sap.com/notes/3571096
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.