CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-42937

CVSS 9.8v3.1pub. 2025-10-14upd. 2026-04-15

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application.

🤖 AI Analysis
How it works

SAP Print Service (SAPSprint) does not perform sufficient validation of paths supplied by the user (CWE-35 — path traversal). An attacker without any credentials can use appropriately crafted path sequences (e.g., '../') to exit the allowed working directory, reach parent directories, and overwrite any system files accessible in the context of the service process.

Impact

An attacker can overwrite critical system files, leading to loss of data integrity and confidentiality, and potentially causing complete unavailability of the application or operating system. The attack is possible remotely and without authentication.

Mitigation & patch

Patches available from the vendor must be applied in accordance with the references — SAP Security Note 3630595 published as part of SAP Security Patch Day. Details available at: https://me.sap.com/notes/3630595

Who is affected

SAP Print Service (SAPSprint) — versions indicated in the vendor references (SAP Security Note 3630595)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References