{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-43009", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-04-16T13:25:53.589Z", "datePublished": "2025-05-13T00:19:41.795Z", "dateUpdated": "2025-05-13T14:11:47.930Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Service Parts Management (SPM)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "SAP_APPL 600"}, {"status": "affected", "version": "602"}, {"status": "affected", "version": "603"}, {"status": "affected", "version": "604"}, {"status": "affected", "version": "605"}, {"status": "affected", "version": "606"}, {"status": "affected", "version": "616"}, {"status": "affected", "version": "617"}, {"status": "affected", "version": "618"}, {"status": "affected", "version": "S4CORE 100"}, {"status": "affected", "version": "101"}, {"status": "affected", "version": "102"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.</p>"}], "value": "SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-05-13T00:19:41.795Z"}, "references": [{"url": "https://me.sap.com/notes/2491817"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing Authorization check in SAP Service Parts Management (SPM)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-13T14:09:37.192975Z", "id": "CVE-2025-43009", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T14:11:47.930Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-43009", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-13T14:09:37.192975Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T14:11:41.869Z"}}], "cna": {"title": "Missing Authorization check in SAP Service Parts Management (SPM)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Service Parts Management (SPM)", "versions": [{"status": "affected", "version": "SAP_APPL 600"}, {"status": "affected", "version": "602"}, {"status": "affected", "version": "603"}, {"status": "affected", "version": "604"}, {"status": "affected", "version": "605"}, {"status": "affected", "version": "606"}, {"status": "affected", "version": "616"}, {"status": "affected", "version": "617"}, {"status": "affected", "version": "618"}, {"status": "affected", "version": "S4CORE 100"}, {"status": "affected", "version": "101"}, {"status": "affected", "version": "102"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/2491817"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-05-13T00:19:41.795Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43009", "state": "PUBLISHED", "dateUpdated": "2025-05-13T14:11:47.930Z", "dateReserved": "2025-04-16T13:25:53.589Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2025-05-13T00:19:41.795Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application."}, {"lang": "es", "value": "SAP Service Parts Management (SPM) no realiza las comprobaciones de autorizaci\u00f3n necesarias para un usuario autenticado, lo que permite a un atacante escalar privilegios. Esto tiene un impacto m\u00ednimo en la confidencialidad, la integridad y la disponibilidad de la aplicaci\u00f3n."}], "id": "CVE-2025-43009", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2025-05-13T01:15:49.747", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/2491817"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "cna@sap.com", "type": "Secondary"}]}

{}

{}