CVE-2025-25243

SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction. This can reveal highly sensitive information with no impact to integrity or availability. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt