CVE-2025-42993 – SAP S/4HANA Unauthorized Event Consumption and Code Execution Vulnerability

June 9, 2025

CVE ID : CVE-2025-42993

Published : June 10, 2025, 1:15 a.m. | 23 minutes ago

Description : Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign an arbitrary high-privilege user. This allows the attacker to consume events via the RFC destination, leading to code execution under the privileges of the assigned high-privilege user. While the vulnerability has a low impact on Availability, it significantly poses a high risk to both Confidentiality and Integrity.

Severity: 6.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-42995 – SAP MDM Server Denial of Service (DoS)

Next Article CVE-2025-42990 – SAPUI5 Cross-Site Scripting (XSS)

Highlights

CVE-2025-4833 – TOTOLINK A702R/A3002R/A3002RU HTTP POST Request Handler Buffer Overflow Vulnerability

May 17, 2025

CVE ID : CVE-2025-4833

Published : May 17, 2025, 6:15 p.m. | 2 hours, 6 minutes ago

Description : A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This issue affects some unknown processing of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-42993 – SAP S/4HANA Unauthorized Event Consumption and Code Execution Vulnerability

Graphite Spyware Exploits Apple iOS Zero-Click Vulnerability to Attack Journalists

PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers

I can’t believe I’m enjoying Call of Duty: Warzone’s new weed-themed limited time game mode this much

British Prime Minister wants access to messaging apps

From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign

CVE-2025-28029 – TOTOLINK Buffer Overflow Vulnerability

CVE-2025-4833 – TOTOLINK A702R/A3002R/A3002RU HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-5806 – Jenkins Gatling Plugin Cross-Site Scripting Vulnerability

jdSystemMonitor is a desktop-independent system monitor for Linux

The Mainframe Muggle Chronicles – Part 2: A Heretic Among Zealots

CVE-2025-42993 – SAP S/4HANA Unauthorized Event Consumption and Code Execution Vulnerability

Related Posts