CVE-2025-42960
Description
SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentiality and availability of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SAP Business Warehouse and BW/4HANA BEx Tools improper authorization allows authenticated attackers to delete user table entries, impacting data integrity.
CVE-2025-42960 describes an improper authorization vulnerability in SAP Business Warehouse and SAP BW/4HANA BEx Tools. The flaw allows an authenticated attacker to gain higher access levels than intended, potentially enabling the deletion of user table entries. This arises from insufficient authorization checks within the BEx Tools component.
An attacker must be authenticated to the SAP system to exploit this vulnerability. No specific network position or prior elevated privileges are mentioned, but the attack requires valid user credentials. The CVSS v3 score of 4.3 indicates a medium severity, with low attack complexity and low privileges required.
The primary impact is on data integrity, as successful exploitation could allow unauthorized deletion of user table entries. There is no impact on confidentiality or availability, according to the advisory.
SAP addresses this vulnerability through its regular Security Patch Day, where security notes are released. Users are advised to apply the relevant security note as soon as possible to mitigate the risk [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.