What is CVE-2025-42906?

CVE-2025-42906 is a medium-severity vulnerability in Sap_se Sap Commerce Cloud, classified under Path Traversal. CVSS score: 5.3/10. Published 2025-10-14.

How severe is CVE-2025-42906?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Path Traversal in Sap_se Sap Commerce Cloud

CVE-2025-42906

SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentiall…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (20.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Sap_se Sap Commerce Cloud — versions COM_CLOUD 2211

Weakness classification (CWE)

CWE-22 — Path Traversal

References

me.sap.com/notes/3634724
url.sap/sapsecuritypatchday

Frequently asked questions

What is CVE-2025-42906?: CVE-2025-42906 is a medium-severity vulnerability in Sap_se Sap Commerce Cloud, classified under Path Traversal. CVSS score: 5.3/10. Published 2025-10-14.
How severe is CVE-2025-42906?: Medium severity. CVSS v3 base score is 5.3 out of 10.