VDB

CISA-2025-42953

CISA-2025-42953 PUBLISHED CVSS 8.1 HIGH

Reported by sap · Published July 8, 2025

SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.

Risk Scores

CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected Products

VendorProductVersions
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731

Timeline

  • Jul 8, 2025 CVE Published
  • Jul 11, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›