Arbitrary file upload in Sap_se Sap Supplier Relationship Management

CVE-2025-42910

Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might be downloaded and executed by the user…

Vulnerability class: Unrestricted File Upload

EPSS: 0.004 (34.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-42910?
CVE-2025-42910 is a critical-severity vulnerability in Sap_se Sap Supplier Relationship Management, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 9.0/10. Published 2025-10-14.
How severe is CVE-2025-42910?
Critical severity. CVSS v3 base score is 9.0 out of 10.