Unchecked Input for Loop Condition

CVE-2025-42930

Medium

6.5/10

Summary

SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-606 - Unchecked Input for Loop Condition

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive looping.

References

Advisory Timeline

Published Sep 09, 2025

Unchecked Input for Loop Condition

CVE-2025-42930

Summary

CWE-606 - Unchecked Input for Loop Condition

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS