VDB
CISA-2025-42953
CISA-2025-42953
PUBLISHED
CVSS 8.1 HIGH
Reported by sap · Published July 8, 2025
SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system.
Risk Scores
CVSS 3.1
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP_SE | SAP NetWeaver Application Server for ABAP | SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731 |
| SAP_SE | SAP NetWeaver Application Server for ABAP | SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731 |
Timeline
- Jul 8, 2025 CVE Published
- Jul 11, 2025 CVE Updated