cvelistv5 - cve-2025-27428

CVE-2025-27428 (GCVE-0-2025-27428)

Vulnerability from cvelistv5

Published

2025-04-08 07:13

Modified

2025-04-08 14:50

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-862 - Missing Authorization

Summary

Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on confidentiality. There is no impact on integrity or availability.

References

URL

Tags

	https://me.sap.com/notes/3581811
	https://url.sap/sapsecuritypatchday

Impacted products

	Vendor	Product	Version
	SAP_SE	SAP NetWeaver and ABAP Platform (Service Data Collection)	Version: ST-PI 2008_1_700 Version: 2008_1_710 Version: 740

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27428",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T13:14:41.963380Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T14:50:32.851Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SAP NetWeaver and ABAP Platform (Service Data Collection)",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "ST-PI 2008_1_700"
            },
            {
              "status": "affected",
              "version": "2008_1_710"
            },
            {
              "status": "affected",
              "version": "740"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDue to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on confidentiality. There is no impact on integrity or availability.\u003c/p\u003e"
            }
          ],
          "value": "Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on confidentiality. There is no impact on integrity or availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "eng",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-08T07:13:27.056Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://me.sap.com/notes/3581811"
        },
        {
          "url": "https://url.sap/sapsecuritypatchday"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2025-27428",
    "datePublished": "2025-04-08T07:13:27.056Z",
    "dateReserved": "2025-02-25T09:29:51.243Z",
    "dateUpdated": "2025-04-08T14:50:32.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27428\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-08T13:14:41.963380Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-08T13:21:29.874Z\"}}], \"cna\": {\"title\": \"Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SAP_SE\", \"product\": \"SAP NetWeaver and ABAP Platform (Service Data Collection)\", \"versions\": [{\"status\": \"affected\", \"version\": \"ST-PI 2008_1_700\"}, {\"status\": \"affected\", \"version\": \"2008_1_710\"}, {\"status\": \"affected\", \"version\": \"740\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://me.sap.com/notes/3581811\"}, {\"url\": \"https://url.sap/sapsecuritypatchday\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on confidentiality. There is no impact on integrity or availability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eDue to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on confidentiality. There is no impact on integrity or availability.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"eng\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862: Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"shortName\": \"sap\", \"dateUpdated\": \"2025-04-08T07:13:27.056Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-27428\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-08T14:50:32.851Z\", \"dateReserved\": \"2025-02-25T09:29:51.243Z\", \"assignerOrgId\": \"e4686d1a-f260-4930-ac4c-2f5c992778dd\", \"datePublished\": \"2025-04-08T07:13:27.056Z\", \"assignerShortName\": \"sap\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0285

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que la vulnérabilité CVE-2025-31324 est activement exploitée.

Impacted products

Vendor	Product	Description
SAP	S/4HANA (Private Cloud)	S/4HANA (Learning Solution) versions S4HCMGXX 100 et 101 sans le dernier correctif de sécurité
SAP	NetWeaver Application Server pour ABAP	NetWeaver Application Server ABAP (applications based on GUI for HTML) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.14 sans le dernier correctif de sécurité
SAP	SAP BusinessObjects Business Intelligence	BusinessObjects Business Intelligence platform (Central Management Console) versions ENTERPRISE 430 et 2025 sans le dernier correctif de sécurité
SAP	NetWeaver Application Server pour ABAP	NetWeaver Application Server ABAP (Virus Scan Interface) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de sécurité
SAP	NetWeaver et ABAP	NetWeaver et ABAP Platform (Service Data Collection) versions ST-PI 2008_1_700, 2008_1_710 et 740 sans le dernier correctif de sécurité
SAP	NetWeaver Application Server pour ABAP	NetWeaver versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de sécurité
SAP	S4CORE entity	S4CORE entity versions S4CORE 107 et 108 sans le dernier correctif de sécurité
SAP	Commerce Cloud	Commerce Cloud versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité
SAP	ERP BW Business Content	ERP BW Business Content versions BI_CONT 707, 737, 747 et 757 sans le dernier correctif de sécurité
SAP	Commerce Cloud	Commerce Cloud (Public Cloud) version COM_CLOUD 2211 sans le dernier correctif de sécurité
SAP	N/A	Field Logistics versions S4CORE 107 et 108 sans le dernier correctif
SAP	NetWeaver Application Server pour ABAP	NetWeaver Application Server ABAP versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89 et 7.93 sans le dernier correctif de sécurité
SAP	NetWeaver et ABAP	NetWeaver (Visual Composer development server) versions VCFRAMEWORK 7.50 sans le dernier correctif de sécurité
SAP	NetWeaver et ABAP	NetWeaver et ABAP Platform (Application Server ABAP) versions KRNL64UC 7.53, KERNEL 7.53 et 7.54 sans le dernier correctif de sécurité
SAP	Solution Manager	Solution Manager versions ST 720, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 914 sans le dernier correctif de sécurité
SAP	Capital Yield Tax Management	Capital Yield Tax Management versions CYTERP 420_700, CYT 800, IBS 7.0 et CYT4HANA 100 sans le dernier correctif de sécurité
SAP	SAP BusinessObjects Business Intelligence	BusinessObjects Business Intelligence Platform version ENTERPRISE 430 sans le dernier correctif de sécurité
SAP	S/4HANA (Private Cloud)	S/4HANA (Private Cloud) versions S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de sécurité
SAP	CRM	CRM et S/4HANA (Interaction Center) versions S4CRM 100, 200, 204, 205, 206, S4FND 102, 103, 104, 105, 106, 107, 108, S4CEXT 107, 108, BBPCRM 701, 702, 712, 713, 714, WEBCUIF 701, 731, 746, 747, 748, 800 et 801 sans le dernier correctif de sécurité
SAP	KMC WPC	KMC WPC version KMC-WPC 7.50 sans le dernier correctif de sécurité
SAP	Landscape Transformation	Landscape Transformation (Analysis Platform) versions DMIS 2011_1_700, 2011_1_710, 2011_1_730 et 2011_1_731 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité SAP april-2025	2025-04-08	vendor-advisory
FAQ sur l'exploitation de la vulnérabilité CVE-2025-31324	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "S/4HANA (Learning Solution) versions S4HCMGXX 100 et 101 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "S/4HANA (Private Cloud)",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Application Server ABAP (applications based on GUI for HTML) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.14 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver Application Server pour ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "BusinessObjects Business Intelligence platform (Central Management Console) versions ENTERPRISE 430 et 2025 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "SAP BusinessObjects Business Intelligence",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Application Server ABAP (Virus Scan Interface) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver Application Server pour ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver et ABAP Platform (Service Data Collection) versions ST-PI 2008_1_700, 2008_1_710 et 740 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver et ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver Application Server pour ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S4CORE entity versions S4CORE 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "S4CORE entity",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce Cloud versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Commerce Cloud",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "ERP BW Business Content versions BI_CONT 707, 737, 747 et 757 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "ERP BW Business Content",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce Cloud (Public Cloud) version COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9\n",
      "product": {
        "name": "Commerce Cloud",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Field Logistics versions S4CORE 107 et 108 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Application Server ABAP versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89 et 7.93 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver Application Server pour ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver (Visual Composer development server) versions VCFRAMEWORK 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver et ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver et ABAP Platform (Application Server ABAP) versions KRNL64UC 7.53, KERNEL 7.53 et 7.54 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver et ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Solution Manager versions ST 720, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 914 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Solution Manager",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Capital Yield Tax Management versions CYTERP 420_700, CYT 800, IBS 7.0 et CYT4HANA 100 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Capital Yield Tax Management",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "BusinessObjects Business Intelligence Platform version ENTERPRISE 430 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "SAP BusinessObjects Business Intelligence",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA (Private Cloud) versions S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "S/4HANA (Private Cloud)",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "CRM et S/4HANA (Interaction Center) versions S4CRM 100, 200, 204, 205, 206, S4FND 102, 103, 104, 105, 106, 107, 108, S4CEXT 107, 108, BBPCRM 701, 702, 712, 713, 714, WEBCUIF 701, 731, 746, 747, 748, 800 et 801 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "CRM",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "KMC WPC version KMC-WPC 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "KMC WPC",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Landscape Transformation (Analysis Platform) versions DMIS 2011_1_700, 2011_1_710, 2011_1_730 et 2011_1_731 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Landscape Transformation",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que la vuln\u00e9rabilit\u00e9 CVE-2025-31324 est activement exploit\u00e9e.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-30015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30015"
    },
    {
      "name": "CVE-2025-31333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31333"
    },
    {
      "name": "CVE-2025-27429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27429"
    },
    {
      "name": "CVE-2025-27428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27428"
    },
    {
      "name": "CVE-2025-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0064"
    },
    {
      "name": "CVE-2025-23186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23186"
    },
    {
      "name": "CVE-2025-27435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27435"
    },
    {
      "name": "CVE-2025-26654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26654"
    },
    {
      "name": "CVE-2025-26653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26653"
    },
    {
      "name": "CVE-2025-31324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31324"
    },
    {
      "name": "CVE-2025-30014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30014"
    },
    {
      "name": "CVE-2024-56337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
    },
    {
      "name": "CVE-2025-27437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27437"
    },
    {
      "name": "CVE-2025-30016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30016"
    },
    {
      "name": "CVE-2025-31332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31332"
    },
    {
      "name": "CVE-2025-26657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26657"
    },
    {
      "name": "CVE-2025-31328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31328"
    },
    {
      "name": "CVE-2025-30013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30013"
    },
    {
      "name": "CVE-2025-30017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30017"
    },
    {
      "name": "CVE-2025-27430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27430"
    },
    {
      "name": "CVE-2025-31331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31331"
    },
    {
      "name": "CVE-2025-31330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31330"
    },
    {
      "name": "CVE-2025-31327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31327"
    }
  ],
  "initial_release_date": "2025-04-08T00:00:00",
  "last_revision_date": "2025-04-25T00:00:00",
  "links": [
    {
      "title": "FAQ sur l\u0027exploitation de la vuln\u00e9rabilit\u00e9 CVE-2025-31324",
      "url": "https://me.sap.com/notes/3596125"
    }
  ],
  "reference": "CERTFR-2025-AVI-0285",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-08T00:00:00.000000"
    },
    {
      "description": "Ajout des vuln\u00e9rabilit\u00e9s CVE-2025-31324, CVE-2025-31328 et CVE-2025-31327",
      "revision_date": "2025-04-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 SAP april-2025",
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html"
    }
  ]
}

CERTFR-2025-AVI-0764

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
SAP	N/A	Fiori (Launchpad) version SAP_UI 754 sans le dernier correctif de sécurité
SAP	N/A	Supplier Relationship Management versions RM_SERVER 700, 701, 702, 713 et 714 sans le dernier correctif de sécurité
SAP	N/A	S/4HANA (Private Cloud or On-Premise) versions S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de sécurité
SAP	N/A	HCM (Approve Timesheets Fiori 2.0 application) version GBX01HR5 605 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver AS Java (Adobe Document Service) version ADSSAP 7.50 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver Application Server for ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53 et 7.54 sans le dernier correctif de sécurité
SAP	N/A	Netweaver (RMI-P4) version SERVERCORE 7.50 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver Application Server Java version WD-RUNTIME 7.50 sans le dernier correctif de sécurité
SAP	N/A	Fiori app (Manage Payment Blocks) versions S4CORE 107 et 108 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver AS Java (Deploy Web Service) version J2EE-APPS 7.50 sans le dernier correctif de sécurité
SAP	N/A	HCM (My Timesheet Fiori 2.0 application) version GBX01HR5 605 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver and ABAP Platform (Service Data Collection) versions ST-PI 2008_1_700, 2008_1_710 et 740 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver (Service Data Download) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver AS Java (IIOP Service) version SERVERCORE 7.50 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver Application Server for ABAP (Background Processing) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
SAP	N/A	Commerce Cloud versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver AS for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757 sans le dernier correctif de sécurité
SAP	N/A	BusinessObjects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité
SAP	N/A	Business Planning and Consolidation versions BPC4HANA 200, 300, SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, 758, 816, 914 et CPMBPC 810 sans le dernier correctif de sécurité
SAP	N/A	Fiori App (F4044 Manage Work Center Groups) versions UIS4HOP1 600, 700, 800 et 900 sans le dernier correctif de sécurité
SAP	N/A	Landscape Transformation Replication Server versions DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752 et 2020 sans le dernier correctif de sécurité
SAP	N/A	Business One (SLD) versions B1_ON_HANA 10.0 et SAP-M-BO 10.0 sans le dernier correctif de sécurité
SAP	N/A	NetWeaver ABAP Platform versions S4CRM 100, 200, 204, 205, 206, S4CEXT 109, BBPCRM 713 et 714 sans le dernier correctif de sécurité
SAP	N/A	Commerce Cloud and Datahub versions HY_COM 2205, HY_DHUB 2205, COM_CLOUD 2211 et DHUB_CLOUD 2211 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité SAP september-2025

2025-09-09

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Fiori (Launchpad) version SAP_UI 754 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Supplier Relationship Management versions RM_SERVER 700, 701, 702, 713 et 714 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA (Private Cloud or On-Premise) versions S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "HCM (Approve Timesheets Fiori 2.0 application) version GBX01HR5 605 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver AS Java (Adobe Document Service) version ADSSAP 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Application Server for ABAP versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53 et 7.54 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Netweaver (RMI-P4) version SERVERCORE 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Application Server Java version WD-RUNTIME 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Fiori app (Manage Payment Blocks) versions S4CORE 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver AS Java (Deploy Web Service) version J2EE-APPS 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "HCM (My Timesheet Fiori 2.0 application) version GBX01HR5 605 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver and ABAP Platform (Service Data Collection) versions ST-PI 2008_1_700, 2008_1_710 et 740 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver (Service Data Download) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver AS Java (IIOP Service) version SERVERCORE 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Application Server for ABAP (Background Processing) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce Cloud versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver AS for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Business Planning and Consolidation versions BPC4HANA 200, 300, SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, 758, 816, 914 et CPMBPC 810 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Fiori App (F4044 Manage Work Center Groups) versions UIS4HOP1 600, 700, 800 et 900 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Landscape Transformation Replication Server versions DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752 et 2020 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Business One (SLD) versions B1_ON_HANA 10.0 et SAP-M-BO 10.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver ABAP Platform versions S4CRM 100, 200, 204, 205, 206, S4CEXT 109, BBPCRM 713 et 714 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce Cloud and Datahub versions HY_COM 2205, HY_DHUB 2205, COM_CLOUD 2211 et DHUB_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-42911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42911"
    },
    {
      "name": "CVE-2025-42938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42938"
    },
    {
      "name": "CVE-2025-42958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42958"
    },
    {
      "name": "CVE-2025-42944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42944"
    },
    {
      "name": "CVE-2025-27428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27428"
    },
    {
      "name": "CVE-2025-22228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
    },
    {
      "name": "CVE-2025-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42916"
    },
    {
      "name": "CVE-2025-42914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42914"
    },
    {
      "name": "CVE-2025-42961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42961"
    },
    {
      "name": "CVE-2025-42922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42922"
    },
    {
      "name": "CVE-2024-13009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2025-42929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42929"
    },
    {
      "name": "CVE-2025-42920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42920"
    },
    {
      "name": "CVE-2025-42930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42930"
    },
    {
      "name": "CVE-2025-42913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42913"
    },
    {
      "name": "CVE-2025-42915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42915"
    },
    {
      "name": "CVE-2025-42918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42918"
    },
    {
      "name": "CVE-2025-42923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42923"
    },
    {
      "name": "CVE-2025-42926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42926"
    },
    {
      "name": "CVE-2025-42933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42933"
    },
    {
      "name": "CVE-2025-42917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42917"
    },
    {
      "name": "CVE-2025-42912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42912"
    },
    {
      "name": "CVE-2023-27500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27500"
    },
    {
      "name": "CVE-2025-42925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42925"
    },
    {
      "name": "CVE-2025-42927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42927"
    },
    {
      "name": "CVE-2025-42941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42941"
    }
  ],
  "initial_release_date": "2025-09-09T00:00:00",
  "last_revision_date": "2025-09-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0764",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": "2025-09-09",
      "title": "Bulletin de s\u00e9curit\u00e9 SAP september-2025",
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2025.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-27428 (GCVE-0-2025-27428)

Vulnerability from cvelistv5

CERTFR-2025-AVI-0285

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-0764

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature