CVE-2025-30013

MEDIUM Year: 2025
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. These function modules, when executed with elevated privileges, improperly handle user input, allowing attacker to inject arbitrary OS commands. This vulnerability allows the execution of unintended commands on the underlying system, posing a significant security risk to the confidentiality, integrity and availability of the application.

Related Vulnerabilities

CVE-2017-6186

MEDIUM
CVSS:6.7(Medium)

Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-prot...

CWE-942017

CVE-2018-3686

MEDIUM
CVSS:6.7(Medium)

Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access.

CWE-942018

CVE-2018-3700

MEDIUM
CVSS:6.7(Medium)

Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation...

CWE-942018

CVE-2020-8140

MEDIUM
CVSS:6.7(Medium)

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.

CWE-942020

CVE-2021-3411

MEDIUM
CVSS:6.7(Medium)

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerabilit...

CWE-942021

CVE-2022-29813

MEDIUM
CVSS:6.7(Medium)

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

CWE-942022