CVE-2025-31333

April 8, 2025, 6:13 p.m.

4.3
Medium

Description

SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.

Product(s) Impacted

Product Versions
sap_s4core
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-472
External Control of Assumed-Immutable Web Parameter
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

References

https://me.sap.com/notes/3525971
https://url.sap/sapsecuritypatchday

Tags

cna@sap.com
CWE-472
2025-04-08
CVE-2025-31333

CVSS Score

4.3 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    View Vector String

Timeline

Published: April 8, 2025, 8:15 a.m.
Last Modified: April 8, 2025, 6:13 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@sap.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.