CVE-2025-43008
Description
Due to a missing authorization check, an unauthorized user can view the files of other companies. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization check in SAP allows unauthorized users to view files of other companies, potentially disclosing employee personal data.
Vulnerability Description
CVE-2025-43008 is due to a missing authorization check in an unspecified SAP component. This flaw allows an unauthorized user to view files belonging to other companies, leading to potential disclosure of personal data of employees. The vulnerability does not impact integrity or availability.
Exploitation Conditions
An attacker can exploit this vulnerability without authentication, because the user's permissions are not verified before access to files from other companies is granted. The attack vector is the network, the attack complexity is low, and no privileges are required.
Impact
Successful exploitation results in the unauthorized disclosure of personal data, such as employee information, which could lead to privacy violations and regulatory non-compliance. The confidentiality impact is high, while integrity and availability are not affected.
Mitigation
SAP has released security patches as part of its monthly Security Patch Day [1]. Customers are advised to apply the relevant security notes to remediate the vulnerability. As of the publication date, no workarounds have been provided.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (2)
News mentions (0)
No linked articles in our index yet.