CVE-2025-42889
Description
SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated SAP Starter Solution users can execute crafted database queries, exposing the back-end database with low confidentiality and integrity impact.
CVE-2025-42889 is a vulnerability in SAP Starter Solution that allows an authenticated attacker to execute crafted database queries. The root cause is insufficient input validation or improper handling of user-supplied data, enabling the attacker to manipulate database queries and access underlying data.
To exploit this vulnerability, an attacker must have valid authentication credentials for the SAP Starter Solution. Once authenticated, they can craft malicious database queries that are executed by the application, bypassing intended restrictions. The attack does not require any special network position beyond access to the application.
The impact is limited to low confidentiality and integrity loss, as the attacker can read or modify certain database contents but cannot cause a denial of service. No availability impact is reported.
SAP has addressed this vulnerability through its regular Security Patch Day process [1]. Customers are advised to apply the relevant security notes provided by SAP, which are available for supported versions in the latest support packages [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1
Patches
0
No patches discovered yet.
References
2