CVE-2025-27430 Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)

🗓️ 11 Mar 2025 00:37:24Reported by sapType

CVE-2025-27430 SSRF in SAP CRM/S4 HANA allows low-privilege access to restricted data.

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the Interaction Center web client component of the SAP CRM system, which is used for managing customer relationships, as well as the SAP S/4HANA software platform, allows a attacker to perform a SSRF attack.	2 Jun 202500:00	–	bdu_fstec
Circl	CVE-2025-27430	11 Mar 202501:41	–	circl
CNNVD	SAP CRM和SAP S/4HANA 代码问题漏洞	11 Mar 202500:00	–	cnnvd
CNVD	SAP CRM and SAP S/4HANA server-side request forgery vulnerability (CNVD-2025-07595)	27 Mar 202500:00	–	cnvd
CVE	CVE-2025-27430	11 Mar 202500:37	–	cve
EUVD	EUVD-2025-7775	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP software	11 Mar 202512:20	–	ncsc
NCSC	Vulnerabilities fixed in SAP products	30 Apr 202513:12	–	ncsc
NVD	CVE-2025-27430	11 Mar 202501:15	–	nvd
RedhatCVE	CVE-2025-27430	15 Mar 202504:28	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP CRM and SAP S/4HANA (Interaction Center)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4CRM 100"
      },
      {
        "status": "affected",
        "version": "200"
      },
      {
        "status": "affected",
        "version": "204"
      },
      {
        "status": "affected",
        "version": "205"
      },
      {
        "status": "affected",
        "version": "206"
      },
      {
        "status": "affected",
        "version": "S4FND 102"
      },
      {
        "status": "affected",
        "version": "103"
      },
      {
        "status": "affected",
        "version": "104"
      },
      {
        "status": "affected",
        "version": "105"
      },
      {
        "status": "affected",
        "version": "106"
      },
      {
        "status": "affected",
        "version": "107"
      },
      {
        "status": "affected",
        "version": "108"
      },
      {
        "status": "affected",
        "version": "S4CEXT 107"
      },
      {
        "status": "affected",
        "version": "BBPCRM 701"
      },
      {
        "status": "affected",
        "version": "702"
      },
      {
        "status": "affected",
        "version": "712"
      },
      {
        "status": "affected",
        "version": "713"
      },
      {
        "status": "affected",
        "version": "714"
      },
      {
        "status": "affected",
        "version": "WEBCUIF 701"
      },
      {
        "status": "affected",
        "version": "731"
      },
      {
        "status": "affected",
        "version": "746"
      },
      {
        "status": "affected",
        "version": "747"
      },
      {
        "status": "affected",
        "version": "748"
      },
      {
        "status": "affected",
        "version": "800"
      },
      {
        "status": "affected",
        "version": "801"
      }
    ]
  }
]

Source	Link
url	www.url.sap/sapsecuritypatchday
me	www.me.sap.com/notes/3561861

11 Mar 2025 00:37Current

CVSS 3.13.5

EPSS0.00079

CWE-918