EUVD-2025-24209

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Directory traversal flaw in SAP S/4HANA Bank Comm enables high-priv attacker with a specific transaction to read or delete OS files; high confidentiality, low integrity, no availability.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-42946	12 Aug 202502:43	–	circl
CNNVD	SAP S/4HANA 路径遍历漏洞	12 Aug 202500:00	–	cnnvd
CVE	CVE-2025-42946	12 Aug 202502:07	–	cve
Cvelist	CVE-2025-42946 Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management)	12 Aug 202502:07	–	cvelist
NCSC	Vulnerabilities fixed in SAP products	5 Sep 202511:12	–	ncsc
NVD	CVE-2025-42946	12 Aug 202503:15	–	nvd
Positive Technologies	PT-2025-32607 · Sap · Sap S/4Hana	12 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-42946	14 Aug 202502:24	–	redhatcve
Vulnrichment	CVE-2025-42946 Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management)	12 Aug 202502:07	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "20be3662-4323-375e-b7b1-04ab13d37f5d",
        "vendor": {
          "name": "SAP_SE"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "00e3fa75-781a-328b-870b-8e6efc1fd325",
        "product": {
          "name": "SAP S/4HANA (Bank Communication Management)"
        },
        "product_version": "108"
      },
      {
        "id": "265b57d7-75cc-3fac-823a-c751f0f5d944",
        "product": {
          "name": "SAP S/4HANA (Bank Communication Management)"
        },
        "product_version": "S4CORE 102"
      },
      {
        "id": "2d334f57-b69c-3155-be40-ccc3bcdc8601",
        "product": {
          "name": "SAP S/4HANA (Bank Communication Management)"
        },
        "product_version": "730"
      },
      {
        "id": "5078a2e0-5d24-314e-9ecd-6391c3d214e3",
        "product": {
          "name": "SAP S/4HANA (Bank Communication Management)"
        },
        "product_version": "720"
      },
      {
        "id": "510a1f10-1b18-3d08-8a3b-e3e9a4cbd89f",
        "product": {
          "name": "SAP S/4HANA (Bank Communication Management)"
        },
        "product_version": "SAP_FIN 617"
      },
      {
        "id": "59ee5d19-d1c3-3df1-9794-38745faa5c91",
        "product": {
          "name": "SAP S/4HANA (Bank Communication Management)"
        },
        "product_version": "SAP_APPL 606"
      },
      {
        "id": "90122287-4378-32fe-adfe-e71c89f14867",
        "product": {
          "name": "SAP S/4HANA (Bank Communication Management)"
        },
        "product_version": "103"
      },
      {
        "id": "b2bc78d3-28d2-3aaa-8c73-d586649abc54",
        "product": {
          "name": "SAP S/4HANA (Bank Communication Management)"
        },
        "product_version": "106"
      },
      {
        "id": "e6312ce8-7630-3a58-a35d-c00f3ef4689c",
        "product": {
          "name": "SAP S/4HANA (Bank Communication Management)"
        },
        "product_version": "105"
      },
      {
        "id": "edc88081-d328-3f19-8c64-89a7288fc690",
        "product": {
          "name": "SAP S/4HANA (Bank Communication Management)"
        },
        "product_version": "618"
      },
      {
        "id": "f58ce920-36ac-3429-91d3-719c8e1b308b",
        "product": {
          "name": "SAP S/4HANA (Bank Communication Management)"
        },
        "product_version": "107"
      },
      {
        "id": "f87e81cf-162b-3ba2-a4c6-1b89b94f0637",
        "product": {
          "name": "SAP S/4HANA (Bank Communication Management)"
        },
        "product_version": "104"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3614804
url	www.url.sap/sapsecuritypatchday

03 Oct 2025 20:07Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.9

EPSS0.00273

SSVC