Privilege Escalation in SAP Service Parts Management by SAP
CVE-2025-43009

6.3MEDIUM

Key Information:

Vendor

SAP

Vendor
CVE Published:
13 May 2025

What is CVE-2025-43009?

The SAP Service Parts Management (SPM) application lacks sufficient authorization checks for authenticated users. This vulnerability could enable unauthorized individuals to gain elevated privileges within the system, potentially leading to unauthorized actions that compromise the security of the application. The issue may not severely impact confidentiality, integrity, or availability, but immediate attention and remediation are recommended to prevent potential exploitation.

Affected Version(s)

SAP Service Parts Management (SPM) SAP_APPL 600

SAP Service Parts Management (SPM) 602

SAP Service Parts Management (SPM) 603

References

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2025-43009 : Privilege Escalation in SAP Service Parts Management by SAP