Exposed Dangerous Method or Function

CVE-2025-43003

Medium

6.4/10

Summary

SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-749 - Exposed Dangerous Method or Function

The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References

Advisory Timeline

Published May 13, 2025

Exposed Dangerous Method or Function

CVE-2025-43003

Summary

CWE-749 - Exposed Dangerous Method or Function

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS