CVE-2025-27435: Information Disclosure Vulnerability in SAP Commerce Cloud
First published: Tue Apr 08 2025(Updated: )
Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. This could allow the attacker to use the disclosed coupon code, hence posing a low impact on confidentiality and integrity of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Commerce |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-27435?
CVE-2025-27435 is classified as a low severity vulnerability.
How do I fix CVE-2025-27435?
To fix CVE-2025-27435, update to the latest version of SAP Commerce that addresses this vulnerability.
Who is affected by CVE-2025-27435?
SAP Commerce users who implement coupon campaigns are affected by CVE-2025-27435.
What is the impact of CVE-2025-27435?
CVE-2025-27435 allows an unauthenticated attacker to access and use exposed customer coupon codes.
When was CVE-2025-27435 reported?
CVE-2025-27435 was reported in early 2025.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/sap
- canonical/sap commerce