VDB

CISA-2025-42961

CISA-2025-42961 PUBLISHED CVSS 4.9 MEDIUM

Reported by sap · Published July 8, 2025

Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected.

Risk Scores

CVSS 3.1
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702
SAP_SESAP NetWeaver Application Server for ABAPSAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702

Timeline

  • Jul 8, 2025 CVE Published
  • Jul 8, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›