Improper Validation of Specified Type of Input

CVE-2025-42916

High

8.1/10

Summary

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-1287 - Improper Validation of Specified Type of Input

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

References

Advisory Timeline

Published Sep 09, 2025

Improper Validation of Specified Type of Input

CVE-2025-42916

Summary

CWE-1287 - Improper Validation of Specified Type of Input

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS