CVE-2025-42934

MEDIUM EPSS 13.6%

Published Aug 12, 202510mo ago · Modified Jun 17, 20261w ago

4.3 CVSS 3.1

Medium

Published Aug 12, 2025 10mo ago

Last Modified Jun 17, 2026 1w ago

Description

SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the 'Trusted Sites' configuration by injecting line feed (LF) characters into application inputs. This vulnerability has a low impact on the application's integrity and no impact on confidentiality or availability.

CVSS Details

Base Score

4.3

Exploitability

2.8

Impact

1.4

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality None

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

13.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-113

References 2

me.sap.com https://me.sap.com/notes/3616863
url.sap https://url.sap/sapsecuritypatchday

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.