CVE-2025-42947
Description
The SAP FICA ODN framework allows a high-privileged user to inject a value into the local variable, which can then be executed by the application. An attacker could thereby control the behaviour of the application, causing high impact on integrity, low impact on availability and no impact on confidentiality of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local variable injection in the SAP FICA ODN framework allows a high-privileged user to control application behavior, with high impact on integrity.
Vulnerability
CVE-2025-42947 is a local variable injection vulnerability in the SAP FICA ODN framework. A high-privileged user can inject malicious values into local variables, which are then executed by the application, leading to unintended behavior.
Exploitation
To exploit this vulnerability, the attacker must have high privileges within the SAP system. The attack requires the ability to manipulate local variables within the ODN framework. No network-level prerequisites are mentioned beyond authenticated access with sufficient privileges.
Impact
Successful exploitation allows the attacker to control application behavior, resulting in high impact on integrity and low impact on availability. There is no impact on confidentiality [1].
Mitigation
SAP has released security updates as part of its regular Security Patch Day. Customers are advised to apply the relevant patches provided in SAP Security Notes for affected versions [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 2
News mentions: 0
No linked articles in our index yet.