Unrated severityNVD Advisory· Published Nov 11, 2025· Updated Feb 26, 2026

Path Traversal vulnerability in SAP Business Connector

CVE-2025-42894

Description

Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system commands on the server, resulting in a complete compromise of the confidentiality, integrity, and availability of the affected system.

Affected products

SAP/Business Connectorllm-fuzzy
SAP_SE/SAP Business Connectorv5
Range: SAP BC 4.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3666038mitre
url.sap/sapsecuritypatchdaymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000