CVE-2025-42939

🗓️ 14 Oct 2025 00:18:39Reported by sapType

Basic-privilege attacker can delete rule conditions in SAP S/4HANA bank statements due to missing authorization check.

Reporter	Title	Published	Views	Family All 8
CNNVD	SAP S/4HANA 安全漏洞	14 Oct 202500:00	–	cnnvd
Cvelist	CVE-2025-42939 Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements)	14 Oct 202500:18	–	cvelist
EUVD	EUVD-2025-34118	14 Oct 202500:18	–	euvd
NCSC	Vulnerabilities fixed in SAP Products	17 Oct 202508:04	–	ncsc
NVD	CVE-2025-42939	14 Oct 202501:15	–	nvd
Positive Technologies	PT-2025-41844	14 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-42939	15 Oct 202516:43	–	redhatcve
Vulnrichment	CVE-2025-42939 Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements)	14 Oct 202500:18	–	vulnrichment

Vulners

Node

sap s4coreMatch104

sap s/4hanaMatch105

sap s/4hanaMatch106

sap s/4hanaMatch107

sap s/4hanaMatch108

sap s/4hanaMatch109

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP S/4HANA (Manage Processing Rules - For Bank Statements)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4CORE 104"
      },
      {
        "status": "affected",
        "version": "105"
      },
      {
        "status": "affected",
        "version": "106"
      },
      {
        "status": "affected",
        "version": "107"
      },
      {
        "status": "affected",
        "version": "108"
      },
      {
        "status": "affected",
        "version": "109"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3625683

15 Apr 2026 00:35Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.14.3

EPSS0.00036

SSVC

CWE-863