CVE-2025-42892 in Business Connectorinfo

Summary

by MITRE • 11/11/2025

Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to full compromise of the system�s confidentiality, integrity, and availability.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

Sap

Reservation

04/16/2025

Disclosure

11/11/2025

Moderation

accepted

Entry

VDB-331791

CPE

ready

CWE

CWE-78 (confirmed)

CVSS

6.8 (CNA)

EPSS

0.00069

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-42892
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-42892
CVE Details	https://www.cvedetails.com/cve/CVE-2025-42892/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!