CVE-2025-42934
Published: 12 August 2025
Summary
CVE-2025-42934 is a medium-severity HTTP Request/Response Splitting (CWE-113) vulnerability in SAP (inferred from references). Its CVSS base score is 4.3 (Medium).
Operationally, it ranks at the 39.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24216
Vulnerability details
SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the 'Trusted Sites' configuration by injecting line feed (LF) characters into application inputs. This vulnerability has a low impact on the application's integrity and no impact on confidentiality or availability.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.