What is CVE-2025-42876?

CVE-2025-42876 is a high-severity vulnerability in Sap_se Sap S/4 Hana Private Cloud (Financials General Ledger), classified under Asymmetric Resource Consumption (Amplification). CVSS score: 7.1/10. Published 2025-12-09.

How severe is CVE-2025-42876?

High severity. CVSS v3 base score is 7.1 out of 10.

Vulnerability in Sap_se Sap S/4 Hana Private Cloud (Financials General Ledger)

CVE-2025-42876

Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify docume…

EPSS: 0.000 (12.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.

Affected products

Sap_se Sap S/4 Hana Private Cloud (Financials General Ledger) — versions S4CORE 104, 105, 106

Weakness classification (CWE)

CWE-405 — Asymmetric Resource Consumption (Amplification)

References

Frequently asked questions

What is CVE-2025-42876?: CVE-2025-42876 is a high-severity vulnerability in Sap_se Sap S/4 Hana Private Cloud (Financials General Ledger), classified under Asymmetric Resource Consumption (Amplification). CVSS score: 7.1/10. Published 2025-12-09.
How severe is CVE-2025-42876?: High severity. CVSS v3 base score is 7.1 out of 10.