CVE-2025-42998

Published Jun 10, 2025

Last updated a month ago

CVSS medium 5.3

Overview

Description
The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages. This leads to low impact on confidentiality of the application, there is no impact on integrity and availability.
Source
cna@sap.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
5.3
Impact score
1.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

cna@sap.com
CWE-346

Social media

Hype score
Not currently trending

  1. CVE-2025-42998 SAP Business One Integration Framework Bypass of Access Restrictions Vulnerability https://t.co/LlaCmcRHxh

    @VulmonFeeds

    10 Jun 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.