SAP SRM Authenticated Arbitrary File Upload
CVE-2025-42910 Published on October 14, 2025
Unrestricted File Upload Vulnerability in SAP Supplier Relationship Management
Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker could cause high impact on confidentiality, integrity and availability of the application.
Vulnerability Analysis
CVE-2025-42910 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2025-42910 has been classified to as an Unrestricted File Upload vulnerability or weakness.
Products Associated with CVE-2025-42910
Want to know whenever a new CVE is published for SAP Supplier Relationship Management? stack.watch will email you.
Affected Versions
SAP_SE SAP Supplier Relationship Management:- Version SRMNXP01 100 is affected.
- Version 150 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.