Cross-Site Scripting Vulnerability in SAP Supplier Relationship Management
CVE-2025-43006

6.1MEDIUM

Key Information:

Vendor

SAP
Status
Supplier Relationship Management
Vendor
CVE Published:
13 May 2025

What is CVE-2025-43006?

The SAP Supplier Relationship Management's Master Data Management Catalogue has a vulnerability that allows unauthenticated attackers to inject and execute malicious scripts within the application. Although this vulnerability does not affect the availability of the application, it poses risks to the confidentiality and integrity of sensitive data. Organizations using this product should take immediate action to mitigate potential impacts from this flaw.

References

https://me.sap.com/notes/3588455
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.
CVE-2025-43006 : Cross-Site Scripting Vulnerability in SAP Supplier Relationship Management