Auth bypass in Sap_se Sap S/4hana Hcm Portugal And Erp
CVE-2025-43008
Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.
Vulnerability class: Broken Access Control
EPSS: 0.003 (22.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N.
Affected products
- Sap_se Sap S/4hana Hcm Portugal And Erp — versions S4HCMCPT 100, 101, SAP_HRCPT 600
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-43008?
- CVE-2025-43008 is a medium-severity vulnerability in Sap_se Sap S/4hana Hcm Portugal And Erp, classified under Missing Authorization. CVSS score: 5.8/10. Published 2025-05-13.
- How severe is CVE-2025-43008?
- Medium severity. CVSS v3 base score is 5.8 out of 10.