1. Home
  2. CVE Database
  3. CVE-2025-43010
HIGH · 8.3

CVE-2025-43010

SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace...

Vulnerability Description

SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.

CVSS Score

8.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
HIGH

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2025-43010?

CVE-2025-43010 is a vulnerability with a CVSS score of 8.3 (HIGH). SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace...

How severe is CVE-2025-43010?

CVE-2025-43010 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-43010?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.