← back
CVE-2025-31331

Authorization Bypass vulnerability in SAP NetWeaver

CVSS 4.3 MEDIUMEPSS 0.3%CWE-863
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
SAP_SE · SAP NetWeaver

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://me.sap.com/notes/3577131https://url.sap/sapsecuritypatchday