← back
CVE-2025-42961

Missing Authorization check in SAP NetWeaver Application Server for ABAP

CVSS 4.9 MEDIUMEPSS 0.3%CWE-862
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.9EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected products
SAP_SE · SAP NetWeaver Application Server for ABAP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://me.sap.com/notes/3610322https://url.sap/sapsecuritypatchday