Auth bypass in Sap_se Sap S/4hana Hcm Portugal And Erp

CVE-2025-43008

Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.

Vulnerability class: Broken Access Control

EPSS: 0.003 (22.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-43008?
CVE-2025-43008 is a medium-severity vulnerability in Sap_se Sap S/4hana Hcm Portugal And Erp, classified under Missing Authorization. CVSS score: 5.8/10. Published 2025-05-13.
How severe is CVE-2025-43008?
Medium severity. CVSS v3 base score is 5.8 out of 10.