【Vulnerability Alert】Significant Security Vulnerability in SAP GRC (CVE-2025-42982)

Date Posted: 2025/06/12

Subject: 【Vulnerability Alert】Significant Security Vulnerability in SAP GRC (CVE-2025-42982)

Content Description:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202506-00000008
- SAP has issued a significant security vulnerability announcement for its GRC product (CVE-2025-42982, CVSS: 8.8). This vulnerability allows non-administrator users to access specific transactions, which could lead to modification or manipulation of credentials transmitted by the system. Successful exploitation would severely impact the confidentiality, integrity, and availability of the application.
Affected Platforms:
- GRCPINW V1100_700, V1100_731
Suggested Measures:
- Please visit the official website for patching: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html
References:
1. https://www.twcert.org.tw/tw/cp-169-10176-6114a-1.html

Computer and Communications Center Network Systems Division Respectfully