CVE-2025-30015

Memory Corruption vulnerability in SAP NetWeaver and ABAP Platform (Application Server ABAP)

CVSS 4.1 MEDIUMEPSS 0.2%CWE-787

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

08 Apr 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Affected products

SAP_SE · SAP NetWeaver and ABAP Platform (Application Server ABAP)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://me.sap.com/notes/3565944 https://url.sap/sapsecuritypatchday