CVE-2025-43009 – SAP Service Parts Management Privilege Escalation Vulnerability

May 13, 2025

CVE ID : CVE-2025-43009

Published : May 13, 2025, 1:15 a.m. | 1 hour, 49 minutes ago

Description : SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-43011 – SAP Landscape Transformation Authorization Bypass Vulnerability

Next Article CVE-2025-43008 – Microsoft SharePoint Information Disclosure Vulnerability

Highlights

CVE-2025-5174 – Erdogant PyPickle Deserialization Vulnerability

May 26, 2025

CVE ID : CVE-2025-5174

Published : May 26, 2025, 7:15 a.m. | 1 hour, 56 minutes ago

Description : A vulnerability was found in erdogant pypickle up to 1.1.5 and classified as problematic. Affected by this issue is the function load of the file pypickle/pypickle.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is identified as 14b4cae704a0bb4eb6723e238f25382d847a1917. It is recommended to upgrade the affected component.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-43009 – SAP Service Parts Management Privilege Escalation Vulnerability

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

Excel’s new Power Query update makes data importing smarter

CVE-2025-45017 – PHPGurukul Park Ticketing Management System SQL Injection Vulnerability

Google’s June Pixel drop is here! 7 cool new upgrades rolling out to your phone soon

A Steam Deck prototype was sold on Ebay for $2000

CVE-2025-5174 – Erdogant PyPickle Deserialization Vulnerability

84,000+ Roundcube Webmail Installation Vulnerable to Remote Code Execution Attacks

Windows 11 is getting AI Actions in File Explorer — here’s how to try them right now

CVE-2025-5633 – Content Management System and News-Buzz SQL Injection Vulnerability

CVE-2025-43009 – SAP Service Parts Management Privilege Escalation Vulnerability

Related Posts