216.73.216.170

CVE-2025-42892

· Published 11/11/2025 01:15 · Modified 12/11/2025 16:19

Labels: CVE-2025-42892 2025-11-11CVE-2025-42892CWE-78[email protected]

Essential information

Published
11/11/2025 01:15
Modified
12/11/2025 16:19
Author
Creator
CVSS
6.8 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References