CVE-2025-43010

HIGH Year: 2025
CVSS v3 Score
8.3
High
Weakness Type
CWE-94
View all →

Vulnerability Description

SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.

Related Vulnerabilities

CVE-2021-42574

HIGH
CVSS:8.3(High)

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft sourc...

CWE-942021

CVE-2021-42694

HIGH
CVSS:8.3(High)

An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using ho...

CWE-942021

CVE-2024-21672

HIGH
CVSS:8.3(High)

This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 a...

CWE-942024

CVE-2024-9593

HIGH
CVSS:8.3(High)

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'e...

CWE-942024

CVE-2025-3776

HIGH
CVSS:8.3(High)

The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due ...

CWE-942025

CVE-2016-7102

HIGH
CVSS:8.4(High)

ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.

CWE-942016