Privilege Escalation in SAP Service Parts Management by SAP
CVE-2025-43009

6.3MEDIUM

Key Information:

Vendor

SAP
Status
SAP Service Parts Management (SPM)
Vendor
CVE Published:
13 May 2025

What is CVE-2025-43009?

The SAP Service Parts Management (SPM) application lacks sufficient authorization checks for authenticated users. This vulnerability could enable unauthorized individuals to gain elevated privileges within the system, potentially leading to unauthorized actions that compromise the security of the application. The issue may not severely impact confidentiality, integrity, or availability, but immediate attention and remediation are recommended to prevent potential exploitation.

References

https://me.sap.com/notes/2491817
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2025-43009 : Privilege Escalation in SAP Service Parts Management by SAP