CVE-2025-30016

critical

Description

SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application.

References

https://www.securityweek.com/sap-patches-critical-code-injection-vulnerabilities/

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3572688

Details

Source: Mitre, NVD

Published: 2025-04-08

Updated: 2025-04-08

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical