Severity
High
Analysis Summary
CVE-2025-43011 CVSS:7.7
Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the integrity or availability of the application.
CVE-2025-43000 CVSS:7.9
Under certain conditions, Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted. This has a high impact on confidentiality with a low impact on integrity and availability of the application.
CVE-2025-30018 CVSS:8.6
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which, when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and availability of the application.
CVE-2025-42999 CVSS:9.1
SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
CVE-2025-43010 CVSS:8.3
SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to a lack of input validation and no authorization checks. This has a low impact on confidentiality but a high impact on integrity and availability of the application.
Impact
- Gain Access
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-43011
CVE-2025-43000
CVE-2025-30018
CVE-2025-42999
CVE-2025-43010
Affected Vendors
Affected Products
- SAP Landscape Transformation
- SAP Business Objects Business Intelligence Platform
- SAP Supplier Relationship Management
Remediation
Refer to the SAP Security Advisory for patch, upgrade, or suggested workaround information. (Login Required)