CVE-2025-43009: Missing Authorization check in SAP Service Parts Management (SPM)
First published: Tue May 13 2025(Updated: )
SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Service Parts Management |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-43009?
CVE-2025-43009 has a low impact on confidentiality, integrity, and availability.
How can I mitigate CVE-2025-43009?
To mitigate CVE-2025-43009, ensure that proper authorization checks are implemented for user actions within SAP Service Parts Management.
Who is affected by CVE-2025-43009?
CVE-2025-43009 affects users of SAP Service Parts Management that do not enforce necessary authorization checks.
What type of vulnerability is CVE-2025-43009?
CVE-2025-43009 is a privilege escalation vulnerability due to inadequate authorization checks.
Can CVE-2025-43009 be exploited remotely?
CVE-2025-43009 requires authenticated access to exploit, meaning attackers must already have valid user credentials.
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/title
- agent/references
- agent/source
- agent/type
- agent/first-publish-date
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap service parts management