{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-43008", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-04-16T13:25:53.589Z", "datePublished": "2025-05-13T00:19:30.248Z", "dateUpdated": "2025-05-13T13:57:09.498Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "S4HCMCPT 100"}, {"status": "affected", "version": "101"}, {"status": "affected", "version": "SAP_HRCPT 600"}, {"status": "affected", "version": "604"}, {"status": "affected", "version": "608"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.</p>"}], "value": "Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-05-13T00:19:30.248Z"}, "references": [{"url": "https://me.sap.com/notes/3585992"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-13T13:57:02.705374Z", "id": "CVE-2025-43008", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T13:57:09.498Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-43008", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-13T13:57:02.705374Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T13:57:06.690Z"}}], "cna": {"title": "Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal", "versions": [{"status": "affected", "version": "S4HCMCPT 100"}, {"status": "affected", "version": "101"}, {"status": "affected", "version": "SAP_HRCPT 600"}, {"status": "affected", "version": "604"}, {"status": "affected", "version": "608"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3585992"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.", "supportingMedia": [{"type": "text/html", "value": "<p>Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-05-13T00:19:30.248Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43008", "state": "PUBLISHED", "dateUpdated": "2025-05-13T13:57:09.498Z", "dateReserved": "2025-04-16T13:25:53.589Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2025-05-13T00:19:30.248Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability."}, {"lang": "es", "value": "Debido a la falta de verificaci\u00f3n de autorizaci\u00f3n, un usuario no autorizado puede acceder a los archivos de otra empresa. Esto podr\u00eda conllevar la divulgaci\u00f3n de datos personales de los empleados. Esto no afecta la integridad ni la disponibilidad."}], "id": "CVE-2025-43008", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2025-05-13T01:15:49.600", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3585992"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "cna@sap.com", "type": "Secondary"}]}

{}

{}