CVE-2025-42889

🗓️ 11 Nov 2025 00:15:14Reported by sapType

Authenticated attacker can execute crafted SQL queries in SAP Starter Solution, exposing the back-end database with low confidentiality and integrity and no availability impact.

Reporter	Title	Published	Views	Family All 8
CNNVD	SAP S/4HANA SQL注入漏洞	11 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-42889 SQL Injection vulnerability in SAP Starter Solution (PL SAFT)	11 Nov 202500:15	–	cvelist
EUVD	EUVD-2025-60989	11 Nov 202503:30	–	euvd
NCSC	Vulnerabilities fixed in SAP products	11 Nov 202512:15	–	ncsc
NVD	CVE-2025-42889	11 Nov 202501:15	–	nvd
Positive Technologies	PT-2025-46230	11 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-42889	12 Nov 202500:36	–	redhatcve
Vulnrichment	CVE-2025-42889 SQL Injection vulnerability in SAP Starter Solution (PL SAFT)	11 Nov 202500:15	–	vulnrichment

Vulners

Node

sap starter_solutionMatch600

sap starter_solutionMatch602

sap starter_solutionMatch603

sap starter_solutionMatch604

sap starter_solutionMatch605

sap starter_solutionMatch606

sap starter_solutionMatch616

sap starter_solutionMatch617

sap starter_solutionMatch618

sap starter_solutionMatch700

sap starter_solutionMatch720

sap starter_solutionMatch730

sap s4coreMatch100

sap starter_solutionMatch101

sap starter_solutionMatch102

sap starter_solutionMatch103

sap starter_solutionMatch104

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Starter Solution (PL SAFT)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_APPL 600"
      },
      {
        "status": "affected",
        "version": "602"
      },
      {
        "status": "affected",
        "version": "603"
      },
      {
        "status": "affected",
        "version": "604"
      },
      {
        "status": "affected",
        "version": "605"
      },
      {
        "status": "affected",
        "version": "606"
      },
      {
        "status": "affected",
        "version": "616"
      },
      {
        "status": "affected",
        "version": "SAP_FIN 617"
      },
      {
        "status": "affected",
        "version": "618"
      },
      {
        "status": "affected",
        "version": "700"
      },
      {
        "status": "affected",
        "version": "720"
      },
      {
        "status": "affected",
        "version": "730"
      },
      {
        "status": "affected",
        "version": "S4CORE 100"
      },
      {
        "status": "affected",
        "version": "101"
      },
      {
        "status": "affected",
        "version": "102"
      },
      {
        "status": "affected",
        "version": "103"
      },
      {
        "status": "affected",
        "version": "104"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/2886616

15 Apr 2026 00:35Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.15.4

EPSS0.00032

SSVC

CWE-89