CVE-2025-30013

Published Apr 8, 2025

Last updated 3 months ago

CVSS medium 6.7

Overview

Description
SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. These function modules, when executed with elevated privileges, improperly handle user input, allowing attacker to inject arbitrary OS commands. This vulnerability allows the execution of unintended commands on the underlying system, posing a significant security risk to the confidentiality, integrity and availability of the application.
Source
cna@sap.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
6.7
Impact score
5.9
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

cna@sap.com
CWE-94

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-30013 🟠 MEDIUM (6.7) 🏢 SAP_SE - SAP ERP BW Business Content 🏗️ BI_CONT 707 🔗 https://t.co/UIALsiuhKU 🔗 https://t.co/f5sXJgkGmG #CyberCron #VulnAlert #InfoSec https://t.co/DnStqmWZIl

    @cybercronai

    9 Apr 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.