Introduction
Attackers can overwrite critical system files on SAP Print Service deployments without authentication, risking data loss, service disruption, and potentially full system compromise. SAP Print Service (SAPSprint) is widely used to bridge SAP Business Technology Platform applications with on-premises printers, making this vulnerability relevant for any enterprise with SAP cloud-to-local print integration.
About SAP: SAP SE is one of the largest enterprise software vendors globally, powering business operations for over 400,000 customers. Their platforms are central to finance, supply chain, HR, and analytics in organizations of all sizes. Security flaws in SAP products can have wide-ranging impacts across industries.
Technical Information
CVE-2025-42937 is a path traversal vulnerability in SAP Print Service (SAPSprint). The flaw arises from insufficient validation of user-supplied path information. Specifically, the vulnerability is categorized as CWE-35, which covers path traversal issues involving sequences like .../...// (doubled triple dot slash). This technique can bypass basic filtering that only looks for standard ../ patterns. An unauthenticated attacker can exploit this by submitting crafted path input, traversing parent directories, and overwriting system files that the SAP Print Service process can access. The impact includes compromise of confidentiality, integrity, and availability. No further technical details, code snippets, or endpoint specifics are available in public sources at this time.
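The filtering weakness that CWE-35 describes, next to a containment check that rejects the input instead of rewriting it. This is an added example, not SAP's code or code from any public advisory. The single-pass strip filter, the spool directory /var/spool/printsvc and all function names are assumptions chosen for illustration.

```python
import posixpath

SPOOL_ROOT = "/var/spool/printsvc"  # hypothetical spool root, not an SAP path


def naive_filter(name: str) -> str:
    """Assumed weak filter: remove every '../' in one left-to-right pass."""
    return name.replace("../", "")


def weak_resolve(name: str) -> str:
    """Filter, then join to the root; the filtered string is never re-checked."""
    return posixpath.normpath(posixpath.join(SPOOL_ROOT, naive_filter(name)))


def safe_resolve(name: str) -> str:
    """Reject instead of rewriting, then confirm the canonical path is contained."""
    if "\x00" in name:
        raise ValueError("NUL byte in path")
    unified = name.replace("\\", "/")  # treat Windows separators the same way
    for part in unified.split("/"):
        # '.', '..', '...' and longer dot runs are never valid file names here
        if part and set(part) == {"."}:
            raise ValueError(f"dot-only path component: {part!r}")
    candidate = posixpath.normpath(posixpath.join(SPOOL_ROOT, unified))
    if posixpath.commonpath([SPOOL_ROOT, candidate]) != SPOOL_ROOT:
        raise ValueError("path escapes spool root")
    return candidate


def is_rejected(name: str) -> bool:
    """True when safe_resolve refuses the input."""
    try:
        safe_resolve(name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs
    for sample in ["reports/job.txt", ".../...//job.txt", "../job.txt"]:
        print(f"{sample!r}: weak={weak_resolve(sample)!r} rejected={is_rejected(sample)}")
```

The weak path fails because stripping ../ from .../...// leaves a fresh ../ behind, so any filter that edits the input must re-validate its own output; the safe path avoids the problem by never editing the input at all.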
Affected Systems and Versions
- Product: SAP Print Service (SAPSprint)
- No specific version numbers or version ranges are publicly disclosed as affected.
- Vulnerable configurations: Any SAP Print Service deployment that processes user-supplied path information without sufficient validation.
Vendor Security History
SAP has a documented history of path traversal vulnerabilities in core products. Notable examples include:
- CVE-2017-12637 (SAP NetWeaver AS Java): Path traversal allowing file disclosure and credential theft, later added to CISA's Known Exploited Vulnerabilities catalog.
- CVE-2025-30014 (SAP Capital Yield Tax Management): Directory traversal due to insufficient path validation.
SAP maintains a monthly patch cycle and collaborates with external researchers. Despite these efforts, critical vulnerabilities continue to surface, reflecting the complexity of SAP's product landscape.