

CoinMiner Malware – Active IOCs
May 14, 2025
Multiple Adobe ColdFusion Vulnerabilities
May 14, 2025
CoinMiner Malware – Active IOCs
May 14, 2025
Multiple Adobe ColdFusion Vulnerabilities
May 14, 2025Severity
High
Analysis Summary
CVE-2025-43006 CVSS:6.1
SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.
CVE-2025-43005 CVSS:4.3
SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data.
CVE-2025-43004 CVSS:5.3
Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view non-sensitive customer information. However, this does not affect data integrity or availability.
CVE-2025-43003 CVSS:6.4
SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application.
Impact
- Gain Access
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-43006
CVE-2025-43005
CVE-2025-43004
CVE-2025-43003
Affected Vendors
Affected Products
- SAP S/4HANA
- SAP Supplier Relationship Management
- SAP Gui For Windows
- SAP Digital Manufacturing
Remediation
Refer to SAP Security Advisory for patch, upgrade, or suggested workaround information.(Login Required)