CVE-2025-42930 - Vulnerability Details - OpenCVE

SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://me.sap.com/notes/3614067
https://url.sap/sapsecuritypatchday

History

Tue, 09 Sep 2025 02:15:00 +0000

Type	Values Removed	Values Added
Description		SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity.
Title		Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation
Weaknesses		CWE-606
References		https://me.sap.com/notes/3614067 https://url.sap/sapsecuritypatchday
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2025-09-09T02:11:18.387Z

Updated: 2025-09-09T02:11:18.387Z

Reserved: 2025-04-16T13:25:32.385Z

Link: CVE-2025-42930

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-09-09T02:15:41.600

Modified: 2025-09-09T02:15:41.600

Link: CVE-2025-42930

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-42930", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-04-16T13:25:32.385Z", "datePublished": "2025-09-09T02:11:18.387Z", "dateUpdated": "2025-09-09T02:11:18.387Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Business Planning and Consolidation", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "BPC4HANA 200"}, {"status": "affected", "version": "300"}, {"status": "affected", "version": "SAP_BW 750"}, {"status": "affected", "version": "751"}, {"status": "affected", "version": "752"}, {"status": "affected", "version": "753"}, {"status": "affected", "version": "754"}, {"status": "affected", "version": "755"}, {"status": "affected", "version": "756"}, {"status": "affected", "version": "757"}, {"status": "affected", "version": "758"}, {"status": "affected", "version": "816"}, {"status": "affected", "version": "914"}, {"status": "affected", "version": "CPMBPC 810"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity.</p>"}], "value": "SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-606", "description": "CWE-606: Unchecked Input for Loop Condition", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-09-09T02:11:18.387Z"}, "references": [{"url": "https://me.sap.com/notes/3614067"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}