Severity
Medium
Analysis Summary
CVE-2025-31332 CVSS:6.6
Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker with local access to the system could modify files, potentially disrupting operations or causing service downtime, leading to a high impact on integrity and availability. This vulnerability does not disclose any sensitive data.
CVE-2025-31333 CVSS:4.3
SAP S4CORE OData meta-data property contains a vulnerability that allows data tampering. An attacker can externally modify the entity set, which results in a low-impact integrity issue for the application. The vulnerability does not affect the system's confidentiality or availability.
CVE-2025-31330 CVSS:9.9
SAP Landscape Transformation (SLT) has a critical vulnerability that allows a user with basic privileges to inject malicious ABAP code into the system through an exposed function module via RFC. This security flaw bypasses important authorization checks and effectively creates a backdoor that could lead to complete system compromise. An attacker exploiting this vulnerability can potentially undermine the system's core security principles, putting its confidentiality, integrity, and availability at serious risk.
CVE-2025-31331 CVSS:4.3
SAP NetWeaver contains an authorization bypass vulnerability that enables attackers to view restricted ABAP code segments without proper validation. After logging into the ABAP system, an attacker can execute a specific transaction that reveals sensitive system code, effectively compromising the system's confidentiality by circumventing standard authorization mechanisms.
CVE-2025-30016 CVSS:9.8
SAP Financial Consolidation allows an unauthenticated malicious user to gain unauthorized access to the Admin account. The vulnerability arises from improper authentication mechanisms and has a high impact on the confidentiality, integrity, and availability of the application.
CVE-2025-30013 CVSS:6.7
SAP ERP BW Business Content has a critical OS Command Injection vulnerability in specific function modules. These modules can be manipulated when running with high-level system privileges, enabling attackers to inject unauthorized operating system commands. By improperly processing user input, the vulnerability allows malicious actors to execute unintended commands directly on the underlying system. This security flaw poses a serious threat to the application's overall security, potentially compromising the confidentiality, integrity, and availability of the SAP ERP system.
CVE-2025-30014 CVSS:7.7
SAP Capital Yield Tax Management has a directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directories they do not have access to, causing a high impact on confidentiality. Integrity and availability are not affected.
CVE-2025-30015 CVSS:4.1
Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application.
Impact
- Data Manipulation
- Security Bypass
- Gain Access
Indicators of Compromise
CVE
- CVE-2025-31332
- CVE-2025-31333
- CVE-2025-31330
- CVE-2025-31331
- CVE-2025-30016
- CVE-2025-30013
- CVE-2025-30014
- CVE-2025-30015
Affected Vendors
- SAP
Affected Products
- SAP BusinessObjects Business Intelligence platform - ENTERPRISE 430
- SAP Landscape Transformation (Analysis Platform)
- SAP NetWeaver and ABAP Platform (Application Server ABAP)
- SAP ERP BW Business Content
- SAP Capital Yield Tax Management
- SAP CRM and SAP S/4HANA (Interaction Center)
Remediation
Refer to SAP Website for patch, upgrade, or suggested workaround information. (Login Required)