Unrated severityNVD Advisory· Published Nov 11, 2025· Updated Nov 12, 2025

OS Command Injection vulnerability in SAP Business Connector

CVE-2025-42892

Description

Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability.

Affected products

SAP/Business Connectorllm-fuzzy
SAP_SE/SAP Business Connectorv5
Range: SAP BC 4.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3665900mitre
url.sap/sapsecuritypatchdaymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000