CVE-2025-43008— Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

CVSS 5.8 · Medium EPSS 0.17% · P38 Updated May 13, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-43008

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

Source: NVD (National Vulnerability Database)

Vulnerability Description

Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

授权机制缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

SAP ERP HCM和SAP S/4HANA 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SAP ERP HCM和SAP S/4HANA都是德国思爱普（SAP）公司的产品。SAP ERP HCM是一套企业人力资源管理解决方案。SAP S/4HANA是一个基于 SAP HANA 内存数据库系统的的企业资源管理软件。 SAP ERP HCM和SAP S/4HANA存在安全漏洞，该漏洞源于缺少授权检查，可能导致员工个人信息泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SAP_SE	SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal	S4HCMCPT 100	-

II. Public POCs for CVE-2025-43008

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-43008

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2025-43008

Same Patch Batch · SAP_SE · 2025-05-13 · 20 CVEs total

CVE-2025-30012	10.0 CRITICAL	Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-42999	9.1 CRITICAL	Insecure Deserialization in SAP NetWeaver (Visual Composer development server)
CVE-2025-30018	8.6 HIGH	Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-43010	8.3 HIGH	Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise(SCM Master
CVE-2025-43000	7.9 HIGH	Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platfor
CVE-2025-43011	7.7 HIGH	Missing Authorization Check in SAP Landscape Transformation (PCL Basis)
CVE-2025-42997	6.6 MEDIUM	Information Disclosure vulnerability in SAP Gateway Client
CVE-2025-43003	6.4 MEDIUM	Information Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise)
CVE-2025-43007	6.3 MEDIUM	Missing Authorization check in SAP Service Parts Management (SPM)
CVE-2025-43009	6.3 MEDIUM	Missing Authorization check in SAP Service Parts Management (SPM)
CVE-2025-31329	6.2 MEDIUM	Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Pla
CVE-2025-43006	6.1 MEDIUM	Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master D
CVE-2025-30010	6.1 MEDIUM	Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-30009	6.1 MEDIUM	Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-43004	5.3 MEDIUM	Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator
CVE-2025-30011	5.3 MEDIUM	Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-26662	4.4 MEDIUM	Cross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console
CVE-2025-43005	4.3 MEDIUM	Information Disclosure vulnerability in SAP GUI for Windows
CVE-2025-43002	4.3 MEDIUM	Missing Authorization check in SAP S4/HANA (OData meta-data property)

IV. Related Vulnerabilities

Same product: SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

CVE-2026-27687
Missing Authorization check in SAP S/4HANA HCM Portugal and

Same vendor: SAP_SE

Same weakness: CWE-862

V. Comments for CVE-2025-43008

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-43008— Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal

I. Basic Information for CVE-2025-43008

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-43008

III. Intelligence Information for CVE-2025-43008

Same Patch Batch · SAP_SE · 2025-05-13 · 20 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-43008

Leave a comment