CVE-2025-42949

Missing Authorization check in ABAP Platform

CVSS 4.9 MEDIUMEPSS 0.3%CWE-862

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.9EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

12 Aug 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper authorization, leading to a significant compromise of data confidentiality. However, the integrity and availability of the system remain unaffected.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected products

SAP_SE · ABAP Platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://me.sap.com/notes/3626722 https://url.sap/sapsecuritypatchday